Explore how developers can access Kubernetes data without privileged access using a custom application and the k8s API Server.
Challenges in Facilitating Developer Access to AKS API
There is useful data in Kubernetes that is not readily exposed to developers. Our developers frequently need access to the following, and we encountered challenges providing them with that information:
- Application version information
We store the version of a given application in a tag associated with the Deployment. Developers need access to this to confirm which version of the code they should examine when addressing issues or developing enhancements.
This can be accessed in the Azure portal; however, that requires us to provide developers with access in Azure and many clicks in a counter-intuitive location.
Alternatively, we could provide developers with users in Kubernetes, but that requires a complex permissions scheme and would require developers to become familiar with kubectl commands.
- Application logs
We store application logs in a Log Analytics Workspace, but the interface is clunky and doesn't provide great functionality for copying multiple lines of logs.
Again, we could have given developers access to Kubectl but did not for the above reasons.
Our solution? Write a custom application that quickly exposes this information! We already have a plethora of applications running in our Kubernetes cluster, so the logical approach would be to host our custom application there as well. Luckily for us, this was also most conducive to accessing the very data we were looking to expose.
Benefits of Simplifying Developer Access to Kubernetes Data
This approach allows our developers to focus on writing applications rather than learning complex cloud architecture or reaching out to our cloud architects for information that should be readily accessible. It also simplifies permissions and provides a one-stop shop for anything related to Kubernetes our developers may need access to.
Further reading
Setting up a Service Account: https://www.teamim.com/insights/kubernetes-developer-tools-service-account
Retrieving Pod data: https://www.teamim.com/insights/kubernetes-developer-tools-displaying-application-version
Retrieving Logs: https://www.teamim.com/insights/kubernetes-developer-tools-retrieving-application-logs
No Comments Yet
Let us know what you think