Configure and access the kubectl shell from within the DuploCloud Portal
This feature provides an alternative to downloading a kubeconfig and installing kubectl locally. It opens a fully configured shell within a browser tab, equipped with kubectl and an associated kubeconfig. This convenient setup allows you to quickly access your Kubernetes clusters directly from the DuploCloud Portal, with no need for downloading or configuring files on your machine.
kubectl shell in the DuploCloud PlatformFor EKS, kubectl is already enabled in the DuploCloud Platform. Once the EKS infrastructure is ready, you can navigate to Kubernetes -> Services in the DuploCloud platform and use the KubeCtl menu options to view the kubectl token, settings, and configuration details.
To set up the kubectl shell in DuploCloud for GKE and AKS users, see the links below.
You can also obtain Just-In-Time (JIT) access to Kubernetes by using duplo-jit. See the JIT Access documentation for detailed information about:
• Obtaining JIT access using the UI and CLI.
• Installing duplo-jit using various tools.
• Getting credentials for AWS access interactively or with an API token.
• Accessing the AWS Console.
kubectl Shell from the DuploCloud PortalUse kubectl to access the Kubernetes cluster for your Tenant namespace.
From the Tenant list box, select the correct Tenant.
Navigate to Kubernetes -> Services.
Click on the Service name from the NAME column.
From the KubeCtl options, select KubeCtl Shell. A shell instance will launch, allowing you to interact with the Kubernetes cluster directly using kubectl commands.
Configure the kubectl shell for for DuploCloud-managed GKE deployments
Enabling kubectl shell access in GCP is part of a one-time DuploCloud Portal setup process.
In the Tenant list box, select the correct Tenant.
Navigate to Kubernetes -> Nodes.
Select the Node Pool tab, and click Add.
Complete the required fields, and click Create. Once the node pool is complete, it will display on the GCP VM tab with a status of Running.
In the Tenant list box, select the correct Tenant.
Navigate to Kubernetes -> Services.
Click Add. The Add Service page displays.
From the table below, enter the values that correspond to the fields on the Add Service page. Accept default values for fields not specified.
Name
kubectl
Cloud
Google
Platform
GKE Linux
Docker Image
duplocloud/shell:terraform_kubectl_v15
In the Environment Variables field, enter the following YAML. Replace the flask app secret (b33d13ab-5b46-443d-a19d-asdfsd443 in this example) with a string of random numbers and letters in the same format and replace CUSTOMER_PREFIX with your customer URL prefix.
Click Next. The Advanced Options page displays.
Click Create. The Service is created.
Navigate to Kubernetes -> Services.
Select the kubectl Service from the NAME column.
Select the Load Balancers tab, and click Configure Load Balancer. The Add Load Balancer Listener pane displays.
In the Select Type list box, select K8s Cluster IP.
In the Container port and External port fields, enter 80.
In the Health Check field, enter /duplo_auth.
In the Backend Protocol list box, select TCP
Select Advanced Kubernetes settings and Set HealthCheck annotations for Ingress.
Click Add. The Load Balancer listener is added.
In the Tenant list box, select the correct Tenant.
Navigate to Kubernetes -> Ingress.
Click Add. The Add Kubernetes Ingress page displays.
In the Ingress Name field, enter kubect-shell.
From the Ingress Controller list box, select gce.
In the Visibility list box, select Public.
In the DNS Prefix field, enter the DNS name prefix.
In the Certificate ARN list box, select the ARN added to the Plan in the Certificate for Load Balancer and Ingress step.
Click Add Rule. The Add Ingress Rule pane displays.
In the Path field, enter (/)
In the Service Name list box, select the Service previously created (kubectl:80)
Click Add Rule. A rule directing all traffic to the kubectl Service is created.
13. On the Add Kubernetes Ingress page, click Add. The Ingress is created.
Navigate to Administrator -> Systems Settings.
Select the System Config tab, and click Add. The Add Config pane displays.
From the Config Type list box, select AppConfig.
From the Key list box, select Other.
In the second Key field, enter DuploShellfqdn
In the Value field, paste the Ingress DNS. To find the Ingress DNS, navigate to Kubernetes -> Ingress, and copy the DNS from the DNS column.
Click Submit. kubectl shell access is enabled.
Configure the kubectl shell for for DuploCloud-managed AKS deployments
From the Tenant list box, select the correct Tenant.
Navigate to Kubernetes -> Services.
Click Add. The Add Service page displays.
Enter the values in the table below in the fields on the Add Service page. Accept default values for fields not specified.
Name
kubectl
Cloud
Azure
Platform
AKS Linux
Docker Image
duplocloud/shell:terraform-kubectl-latest
From the DuploCloud Portal, navigate to Kubernetes -> Services.
From the NAME column, select the kubectl service you created in the previous step.
Select the Load Balancers tab, and click Configure Load Balancer.
Select type Cluster IP.
Set external and container ports to 80.
In the Health Check field, enter /duplo_auth.
In the Backend Protocol field, select TCP.
Click Add.
In the DuploCloud Portal, navigate to Kubernetes -> Ingress, and click Add.
In the Name field, enter kubect-shell. Add a Path that defaults all traffic to the kubectl Service we created in the previous step:
Navigate to Administrator -> Systems Settings.
Select the System Config tab, and click Add. The Add Config pane displays.
From the Config Type list box, select AppConfig.
From the Key list box, select Other.
In the second Key field, enter DuploShellfqdn
In the Value field, paste the Ingress DNS name.
Click Submit. kubectl shell access is enabled.
