Introducing Kubernetes Resource View in Amazon EKS console
Amazon Elastic Kubernetes Service (Amazon EKS) is excited to introduce the Kubernetes resource view. You will now be able to see all Kubernetes API resource types running in your Amazon EKS cluster using the AWS Management Console for Amazon EKS, making it easier to visualize and troubleshoot your Kubernetes applications using Amazon EKS.
Amazon EKS now puts Kubernetes at your fingertips, so you can understand all standard Kubernetes API resource types while maintaining the same level of access through the console as users’ existing Kubernetes role-based access control (RBAC) permissions.
Until now, the Amazon EKS console only supported viewing workload specific resources, such as deployments, jobs, and daemonsets running in your cluster. You asked us for a simple way to easily visualize the configuration of all your Kubernetes applications and API resources. When you wanted to troubleshoot an issue, you needed to install and run additional tools to view and understand any other Kubernetes resource type. Additionally, these tools add installation and configuration steps before you can view cluster resource types. All of this work means it took longer to access cluster resources with Amazon EKS, especially if you were a new user.
The updated Amazon EKS console now lets you view and explore the entire state of your cluster. This includes all standard Kubernetes API resource types such as service resources, configuration and storage resources, authorization resources, policy resources and more. Kubernetes resources view in the console is supported for all Kubernetes clusters hosted by Amazon EKS or any Kubernetes cluster using Amazon EKS Connector. You can easily filter your Kubernetes resources by a specific namespace and search by property values, making it quick and easy to find resource types, all within a single consistent experience in the console. When you switch contexts, for example between policies and storage, the namespace selection carries over.
Updated Kubernetes API resource view for your Kubernetes clusters
To view the Overview and Resources tabs in the AWS Management Console, the user that you’re signed into the AWS Management Console as, or the role that you switch to once you’re signed in, must have specific minimum IAM and Kubernetes permissions. You will notice the updated Resources tab. We have updated the Workloads tab that showed the applications running on your cluster to the Resources tab.
By default, all Kubernetes API resource types are shown, but you can filter by namespace or search for specific values to find what you’re looking for quickly.
The updated resource view offers two views for Kubernetes API Workloads resource—a structured view and a raw view. The structured view provides a visually structured view with resource information grouped and structured appropriately to help you access and assess the data for the resource. In the example below, you can see a structured view for the kube-proxy pod that breaks the pod information into Info, Containers, Labels and Annotations sections. We are working towards full support for structured view for all resources.
Raw view shows the complete JSON output from the Kubernetes API, which is useful for understanding the configuration and state of resource types that do not have structured view support in the Amazon EKS console. In the raw view example, we show the raw view for the kube-proxy pod.
Note that you’ll only see resources that you have RBAC permissions to access. You can use the dropdown selector to quickly filter workloads by namespace, giving you a more focused view of cluster workloads.
All of the cluster management controls are still here, grouped under the Configuration tab. This view holds all of the cluster’s configuration information, controls for compute, networking, add-ons, authentication, logging, update history, and tags.
Strong security controls are a critical part of running Kubernetes, and the EKS console is no exception. Access is controlled by AWS Identity and Access Management (IAM), so users have the same level of access through the console as their existing RBAC permissions. Users or roles used to access AWS Management Console must have specific minimum IAM and Kubernetes permissions to view the Overview and Resources tabs. You can find more details about the required permissions and how to configure these permissions in ‘View Kubernetes resources’ documentation. We have published troubleshooting guidance for IAM in Amazon EKS documentation to help ensure access is limited to authorized users. When appropriate logs are enabled, Kubernetes API logs are sent from the Amazon EKS cluster to CloudWatch Logs in the same account.
The updated EKS console with the Kubernetes API resources view is available for every new and existing EKS cluster, and it is supported for all Kubernetes clusters using Amazon EKS Connector starting today. This EKS console update is the first of several updates we have planned for the console designed to improve and simplify the user experience.
We are always keen to learn how we can improve the EKS console using the container roadmap. Please provide us with feedback on what other related functionality you would consider useful by opening an issue on the roadmap.