Interactive Terminal
Categories:
When operating cloud native infrastructure, deep diagnostics often require direct access to the container shell. The Interactive Terminal in Kanvas enables you to execute commands and inspect the filesystem of your running containers directly from the visual topology. By integrating terminal sessions into the Kanvas interface, you can troubleshoot issues, verify configurations, and test network connectivity without switching context to external CLI tools like kubectl.
Overview π
The Kanvas Interactive Terminal allows operators to establish a secure, low-latency shell session with one or more pods simultaneously. This feature is essential for “last mile” debugging where metrics and logs alone are insufficient. The interactive terminal behaves in a fashion similar to the behavior of the kubectl exec command, but web-based.
Key Features π
- Direct Shell Access: Instantly
execinto any running container within your Kubernetes cluster to run standard shell commands (e.g.,ls,curl,top). - Multi-Session Support: Open concurrent terminal sessions for different pods to compare environments or run simultaneous tests.
- Integrated Workflow: Debug specific nodes while maintaining visibility of the surrounding infrastructure topology.
- Session Management: Configure preferences such as “Auto-close Terminal Sessions” to manage resources efficiently.
How to Access the Terminal π
To use the Interactive Terminal, ensure you are in Operator Mode and have a connected Kubernetes cluster.
- Navigate to Visualizer: Open Kanvas and switch to Operator mode to view your active cluster resources.
- Select a Workload: Click on a Pod or Deployment node within your design.
- Launch the Session:
- Expand the Details panel (bottom drawer).
- Select the Terminal tab (located alongside Performance and Log Stream).
- If the pod contains multiple containers, select the specific container you wish to access.
- Click Connect to initialize the session.
Use Cases and Examples π
1. Verifying Network Connectivity π
Scenario: A backend service is failing to connect to a database, but the service status appears green.
Action: Open a terminal in the backend pod and use curl or nc (netcat) to attempt a connection to the database endpoint.
Benefit: Confirms whether the issue is a network policy blocking traffic, a DNS resolution failure, or an application-layer configuration error, all while visualizing the connection in Kanvas.
2. Inspecting Configuration Files π
Scenario: An application is behaving unexpectedly, and you suspect the mounted ConfigMap data is incorrect.
Action: Use the terminal to cat the configuration files located in the file system (e.g., /etc/config/app.conf).
Benefit: Verifies exactly what the application sees at runtime, ensuring that the latest ConfigMap updates have actually propagated to the pod.
3. Real-Time Resource Monitoring π
Scenario: A specific pod is triggering high-memory alerts, but you need to know which process is the culprit.
Action: Exec into the container and run top or ps aux.
Benefit: Provides granular visibility into process-level resource consumption that aggregate metrics might miss.
4. Environment Variable Validation π
Scenario: A deployment fails to authenticate with an external API.
Action: Run the env command within the container’s terminal.
Benefit: Allows you to instantly verify if secret keys and API endpoints were injected correctly as environment variables during startup.
Technical Architecture π
The Interactive Terminal is built on an event-driven architecture designed for security and responsiveness:
- Session Initiation: When a user initiates a session, the Meshery Server receives the request via the GraphQL API.
- Orchestration: The request is brokered to the Meshery Operator, which signals the MeshSync controller running inside the cluster to start the interactive session.
- Data Transport: Input and output data are streamed via NATS through the Meshery Broker. Shell output is preprocessed and transcribed before being delivered to the UI.
- Session Isolation: Each terminal session is mapped to a unique topic ID within the subscription, ensuring that data streams for multiple open terminals do not overlap.
Distinct Capabilities
Note that each component offers its own capabilities, and that these capabilities differ between Designer mode and Operator mode. For example, in operator mode, if you right-click (and hold) on a Kubernetes pod, you will see actions unique to the Pod component, which are to open either an interactive terminal to one or all of the containers in the pod or to start streaming logs from any/all of the containers in the pod.While using the interactive terminal, understand that you can only open one session per container. Each session’s data is streamed via Meshery Broker (NATS) from MeshSync to Meshery Server / Kanvas. The GraphQL subscription between your web browser running Kanvas and Meshery Server provides isolation between other users who might be concurrently sharing an interactive terminal. Each connection establishes a unique session ID.
See Also π
- Log Streaming: Learn how to live-tail logs for real-time application monitoring.
Related Videos
Recent Discussions on Kanvas
- Jul 12 | Unleash Visual Power: Import Your Configs by zihan kuang
- Oct 14 | Explore Meshery's Published Relationship Design Examples by Awani Alero
- Oct 03 | Design Review RFC: Kanvas Empty State Enhancement by Lee Calcote
- Jul 19 | [For Discussion] Visual indication of semantically vs non-semantically meaningful Meshery components by Lee Calcote
- Jun 07 | What are the conditions for a "System is unhealthy" warning? by James
- May 30 | Looking for a meshmate to help with first PR by Faisal Imtiyaz123
- Feb 28 | For Discussion: Capturing potential, but unrealized Relationships in Design Snapshots by Lee Calcote
- Feb 12 | Hint on Scaling & Verifying Cronjob in Playground by Sandra Ashipala