Skip to main contentIBM Cloud Pak Playbook

OpenShift Platform Day2 - Miscellaneous - Web Console Access

Web Console Access Overview

The OpenShift Container Platform Web Console is a user interface accessible from a web browser. Developers can use the Web Console to visualize, browse, and manage the contents of projects.
After your OpenShift installation is completed then you can immediately access the Web Console. In fact, the OpenShift installation script will display how access the webconsole as part of the installation complete message.

To see more information please see the Online documentation of the Web Console

Day 1 Platform

As Day 1 tasks (or a preparation of the Day 2 tasks), you need to prepare the certificate for the URL of Web Console. During the installation, the self-singed certificate for the URL of Web Console access will be generated.

Day 2 Platform

We can modify and customize the OpenShift Web Console. We can also disable it.

Day 1 Application

N/A

Day 2 Application

  • Developer Console: The Developer perspective provides workflows specific to developer use cases

Mapping to Personas

PersonaDay 2 Tasks
SREConfiguring the Web Console
SRECustomizing the Web Console
SREUpdating the certificate for the Web Console URL
SREDisabling the Web Console
DevOps/SREThe Developer perspective

Configuring the Web Console

You can modify the OpenShift Container Platform Web Console to set a logout redirect URL or disable the console by editing the console.config.openshift.io resource.

Customizing the Web Console

You can customize the OpenShift Container Platform Web Console including the followings:

  • Adding a custom logo and product name
  • Creating custom links in the Web Console
  • Defining a template for an external log link
  • Creating custom notification banners
  • Customizing CLI downloads
  • Adding YAML examples to Kubernetes resources

It is especially helpful if you need to tailor the Web Console to meet specific corporate or government requirements.

The Developer perspective

The OpenShift Container Platform Web Console provides two perspectives; the Administrator perspective and the Developer perspective. The Developer perspective provides workflows specific to developer use cases, such as the ability to:

  • Create and deploy applications on OpenShift Container Platform by importing existing codebases, images, and dockerfiles.
  • Visually interact with applications, components, and services associated with them within a project and monitor their deployment and build status.
  • Group components within an application and connect the components within and across applications.
  • Integrate serverless capabilities (Technology Preview).
  • Create workspaces to edit your application code using Eclipse Che.

Managing Developer access (User permissions)

You can manage what capabilities are enabled/disabled on the Web Console for the DevOps engineer based on the RBAC rules. For example, with the no-privileged user’s default settings, there is no “Monitoring” and “Compute” menu in the Administrator view. webconsole_diff_1

You can find the default user permissions in here.

You can find out the information about the RBAC in here.

Updating the certificate for the Web Console URL

When you build an OpenShift 4 cluster, a self-signed certificate is applied to HTTPS endpoints such as the Web Console and API server by default.
Therefore, a certificate verification error occurs when accessing with a browser or the oc command, and it is necessary to perform an operation of “permit access to potentially insecure endpoints”, so in operations such as a production environment, it is not a good idea to keep using as it is.
In other words, you would replace it with a formal certificate if necessary.
In addition to the certificate corresponding to the API server (api. <OpenShift 4 cluster domain>), the certificate requires a wildcard certificate (* .apps. <OpenShift 4 cluster domain>) corresponding to Router.
Replacing a certificate is a very simple task. You will login to the cluster as a user with the cluster-admin role and applying the prepared formal certificate with the oc command.

Disabling the Web Console

If you have any reason that you are not allow to use the Web Console of your OpenShift cluster, you can disable the OpenShift Container Platform Web Console by editing the console.operator.openshift.io resource.

Implementing Web Console

Since Web Console in OpenShift is the feature comes with OpenShift. Which means that the information we mentioned above are for OpenShift only.

Kubernetes

Kubernetes provides the Web Console but it is not included in OpenShift. In other words, OpenShift Web Console contains most of features which Kubernetes Web Console provides and therefore we don’t need to use Kubernetes Web Console feature to manage OpenShift.

OpenShift

Information described in the previous sections are applicable only for OpenShift.

On IBM Cloud

OpenShift managed service which is provided by IBM Cloud provides its unique dashboard as well as OpenShift Web Console which we described in this document above.

With IBM Cloud Pak for MCM

N/A

Others

KUI KUI does not come with OpenShift. KUI is an open source kubernetes application. KUI is a Visual Web Terminal that allows you to interact with multiple command line tools in order to minimize context switching and get more done in a single place.

The following is a sample of running a kubectl get pods. It displays the output in a nice graphical format, and it provides context senstive next action.

If you click on the name of the pods then it will display the output of the kubectl desc podsname.

Kui Sample Output

More information about KUI can be found in the KUI webpage

Other consideration

n/a