Fun Fact: The name "Kubernetes" originated from the Greek word "κυβερνήτης", meaning “helmsman” or “pilot.” Just like a ship’s captain, Kubernetes orchestrates containers, steering the deployment, scaling, and management of applications across distributed infrastructure.
The K8s Control Panel is a Python web application that provides an intuitive graphical interface for common Kubernetes operations. Built with Streamlit and the Kubernetes Python client, it enables developers and operators to manage deployments and pods through a browser-based interface, eliminating the need for command-line kubectl operations.
Key capabilities include:
- User authentication and authorization
- Namespace-scoped operations
- Deployment scaling (up/down)
- Pod management (deletion, resource updates)
- Real-time operation feedback
- Comprehensive logging and error handling
Watch a quick demo of the K8s Control Panel in action (click below for full video 👇):
flowchart TB
subgraph User Layer
A[User Browser]
end
subgraph Application Layer
B[Streamlit Web Server]
C[Authentication Module]
D[UI Components]
end
subgraph Business Logic Layer
E[Deployment Operations]
F[Pod Operations]
G[Common Components]
end
subgraph Data Layer
H[Kubernetes Python Client]
I[Configuration Files]
J[Logging System]
end
subgraph Infrastructure Layer
K[Kubernetes Cluster]
L[(Log Files)]
end
A --> B
B --> C
B --> D
D --> E
D --> F
E --> G
F --> G
E --> H
F --> H
G --> H
H --> K
I --> B
J --> L
B --> J
style A fill:#4CAF50,stroke:#333,stroke-width:2px,color:#fff
style B fill:#2196F3,stroke:#333,stroke-width:2px,color:#fff
style K fill:#FF9800,stroke:#333,stroke-width:2px,color:#fff
style L fill:#9E9E9E,stroke:#333,stroke-width:2px,color:#fff
flowchart TD
A[Application Start] --> B[Load Configuration]
B --> C{Config Valid?}
C -->|No| D[Display Error & Exit]
C -->|Yes| E[Initialize Logging]
E --> F[Load Kubernetes Clients]
F --> G{Kubeconfig Valid?}
G -->|No| H[Display Error]
G -->|Yes| I[Display Login Page]
I --> J{User Authenticated?}
J -->|No| K[Show Error/Warning]
J -->|Yes| L[Display Main Page]
L --> M{Select Operation}
M -->|Deployment| N[Select Namespace]
M -->|Pod| O[Select Namespace]
N --> P[Select Deployments]
O --> Q[Select Pods]
P --> R{Choose Operation}
Q --> S{Choose Operation}
R -->|Scale Up| T[Set Replica Count]
R -->|Scale Down| U[Set Replicas to 0]
S -->|Delete| V[Delete Pod]
T --> X[Execute Operation]
U --> X
V --> X
X --> Y{Success?}
Y -->|Yes| Z[Show Success Message]
Y -->|No| AA[Show Error Message]
Z --> AB[Log Operation]
AA --> AB
style A fill:#4CAF50,stroke:#333,stroke-width:2px,color:#fff
style D fill:#f44336,stroke:#333,stroke-width:2px,color:#fff
style H fill:#f44336,stroke:#333,stroke-width:2px,color:#fff
style Z fill:#4CAF50,stroke:#333,stroke-width:2px,color:#fff
style AA fill:#f44336,stroke:#333,stroke-width:2px,color:#fff
style AB fill:#2196F3,stroke:#333,stroke-width:2px,color:#fff
K8s-Control-Panel-Using-Streamlit/
├── main_application.py # Application entry point: Streamlit app orchestration
├── requirements.txt # Python dependencies with version constraints
├── README.md # Project documentation
├── LICENSE # MIT License
├── .gitignore # Git ignore rules
│
├── config/
│ ├── config.json # Application settings: loader, logging, image configs
│ ├── credential.yaml # User authentication credentials (hashed passwords)
│ └── k8sconfig.txt # Kubernetes kubeconfig file (cluster connection)
│
├── common/
│ ├── common_component.py # Reusable UI components: namespace selector
│ ├── logging_config.py # Logging configuration: file rotation, formatters
│ └── __pycache__/ # Python bytecode cache
│
├── scripts/
│ ├── deployment_page.py # Deployment operations: scaling up/down
│ ├── pod_page.py # Pod operations: deletion, resource updates
│ └── __pycache__/ # Python bytecode cache
│
├── template/
│ └── watermark_removal/
│ └── watermark_removal_script.html # Streamlit watermark removal CSS
│
├── media/
│ ├── K8s_Control_Panel_Logo.png # Application logo
│ ├── Coming_Soon_Image.png # Placeholder for upcoming features
│ ├── Deployment_Scaling_Up_Image.PNG # Screenshot: scaling up
│ ├── Deployment_Scaling_Down_Image.PNG # Screenshot: scaling down
│ └── Pod_Deletion_Operation_Image.PNG # Screenshot: pod deletion
│
└── logs/
└── app.log # Application log file (auto-created)
| Component | Version | Description |
|---|---|---|
| Python | 3.10 - 3.13 | Required runtime environment |
| pip | 22.0+ | Python package installer |
| Kubernetes Cluster | 1.28+ | Target cluster for operations |
| kubectl | 1.28+ | For kubeconfig generation |
| Git | 2.30+ | For cloning the repository |
Install based on your Kubernetes provider:
| Provider | CLI Tool | Purpose |
|---|---|---|
| AWS EKS | AWS CLI + IAM Authenticator | Generate kubeconfig |
| GCP GKE | Google Cloud SDK (gcloud) | Generate kubeconfig |
| Azure AKS | Azure CLI | Generate kubeconfig |
| Local | kind/minikube | Local cluster testing |
git clone https://github.com/jaypatel15406/K8s-Control-Panel-Using-Streamlit.git
cd K8s-Control-Panel-Using-StreamlitmacOS/Linux:
python3 -m venv venv
source venv/bin/activateWindows (Command Prompt):
python -m venv venv
venv\Scripts\activate.batWindows (PowerShell):
python -m venv venv
venv\Scripts\Activate.ps1pip install -r requirements.txt# Install AWS CLI and configure credentials
aws configure
# Install AWS IAM Authenticator (if not already installed)
# Generate kubeconfig
aws eks update-kubeconfig --name <cluster_name> --region <region_name># Install Google Cloud SDK and authenticate
gcloud auth login
# Set project (if multiple)
gcloud config set project <project_id>
# Generate kubeconfig
gcloud container clusters get-credentials <cluster_name> --zone <zone_name># Install Azure CLI and authenticate
az login
# Set subscription (if multiple)
az account set --subscription <subscription_id>
# Generate kubeconfig
az aks get-credentials --resource-group <resource_group_name> --name <cluster_name>Note: Replace placeholder values (<cluster_name>, <region_name>, etc.) with your actual cluster details.
Don't have a Kubernetes cluster? No problem! Use the included Docker-based K3s cluster for safe testing without connecting to a production cluster. This is highly recommended for development and testing.
| Benefit | Description |
|---|---|
| 🚀 Quick Setup | Start a local K8s cluster in under 2 minutes |
| 🔒 Safe Testing | No risk to production resources |
| 💰 No Cloud Account Needed | Test without AWS, GCP, or Azure |
| 📦 Pre-configured Resources | Test deployments and pods included |
| 🎯 Isolated Environment | Docker-based K3s cluster |
| 🧪 Perfect for Development | Test features before production deployment |
# Navigate to test environment (at project root)
cd docker-k8s-test
# Start the local K8s cluster
docker-compose up -d
# Wait for cluster to be ready (30-60 seconds)
docker-compose logs -f k8s-cluster
# Extract kubeconfig automatically (copies to config/k8sconfig.txt)
docker-compose run kubeconfig-extractorThe kubeconfig is automatically:
- ✅ Extracted from the cluster
- ✅ Copied to
config/k8sconfig.txt - ✅ Server URL set to
https://localhost:6443 - ✅ Certificates embedded inline (no file dependencies)
The test environment includes ready-to-use resources:
Namespace:
k8s-control-panel-test- Isolated test namespace
Deployments:
| Name | Initial Replicas | Image | Description |
|---|---|---|---|
test-nginx-deployment |
2 | nginx:1.25-alpine | Web server for scaling tests |
test-busybox-deployment |
1 | busybox:1.36 | Lightweight container for testing |
Pods (Standalone):
| Name | Image | Purpose |
|---|---|---|
test-nginx-pod |
nginx:1.25-alpine | Test pod deletion |
test-busybox-pod |
busybox:1.36 | Test pod deletion |
-
Start the Application:
python -m streamlit run main_application.py
-
Test Deployment Operations:
- Select "Deployment Operations" tab
- Choose namespace:
k8s-control-panel-test - Select deployments and perform scaling
-
Test Pod Operations:
- Select "Pod Operations" tab
- Choose namespace:
k8s-control-panel-test - Select pods and delete them
# List all namespaces
kubectl --kubeconfig=../config/k8sconfig.txt get namespaces
# List pods in test namespace
kubectl --kubeconfig=../config/k8sconfig.txt get pods -n k8s-control-panel-test
# Scale deployment
kubectl --kubeconfig=../config/k8sconfig.txt scale deployment test-nginx-deployment --replicas=5 -n k8s-control-panel-test| Resource | Approximate Usage |
|---|---|
| CPU | 500MB - 1GB |
| Memory | 1GB - 2GB |
| Disk | 500MB |
For detailed instructions, all kubectl commands, troubleshooting, and advanced usage, see:
→ Docker K8s Test Environment - Complete Guide
Copy your kubeconfig file to the application:
# Locate your kubeconfig (default: ~/.kube/config)
cp ~/.kube/config config/k8sconfig.txtImportant: The file must be named k8sconfig.txt and placed in the config/ directory.
-
Edit
config/config.json:Set your initial password and enable password hashing:
{ "decrypted_password_jay_user": "your_secure_password", "password_hashing_flag": "True" } -
Run the application to generate hashed password:
python -m streamlit run main_application.py
The application will log the hashed password to the terminal:
Paste this password into 'config/credential.yaml' File and change the 'password_hashing_flag' in 'config/config.json' File to 'False': ['$2b$12$...'] -
Update
config/credential.yaml:Replace the password hash and update user details. Note: The
preauthorizedsection is optional in streamlit-authenticator >= 0.4.0:credentials: usernames: your_username: email: your.email@example.com name: Your Name password: '$2b$12$...' # Paste hashed password here cookie: expiry_days: 0 key: 'K8s Control Panel Cookie Key' name: 'K8s Control Panel Cookie'
-
Disable password hashing:
Edit
config/config.jsonand set:{ "password_hashing_flag": "False" }
| Setting | Default | Description |
|---|---|---|
decrypted_password_jay_user |
- | Plain text password for initial hashing |
password_hashing_flag |
"False" | Enable to generate new password hash |
logging_configurations.level |
"INFO" | Log level (DEBUG/INFO/WARNING/ERROR) |
logging_configurations.file |
"logs/app.log" | Log file path |
logging_configurations.max_bytes |
5242880 | Max log file size before rotation (5MB) |
logging_configurations.backup_count |
3 | Number of backup log files to retain |
logging_configurations.format |
- | Log message format string |
| Setting | Description |
|---|---|
credentials.usernames |
Dictionary of authorized users |
credentials.usernames.<username>.email |
User email address |
credentials.usernames.<username>.name |
Display name |
credentials.usernames.<username>.password |
Bcrypt hashed password |
cookie.expiry_days |
Cookie validity period (0 = session only) |
cookie.key |
Encryption key for cookie |
cookie.name |
Cookie name identifier |
preauthorized.emails |
Emails allowed to register |
python -m streamlit run main_application.pyThe application will open in your default web browser at http://localhost:8501.
You can now view your Streamlit app in your browser.
Local URL: http://localhost:8501
Network URL: http://<your-ip>:8501
- Login Page: Enter your username and password
- Main Page: Select operation type from horizontal menu
- Kubernetes Configuration Check:
- If kubeconfig is configured: Dropdowns populate with namespaces, deployments, and pods
- If kubeconfig is missing: Info messages appear explaining Kubernetes is not configured (UI still loads)
- Deployment Operations:
- Choose namespace (or see info message if not configured)
- Select deployments (multi-select)
- Choose operation (Scale Up / Scale Down)
- Set replica count (for scale up)
- Execute scaling
- Pod Operations:
- Choose namespace (or see info message if not configured)
- Select pod(s)
- Choose operation: Delete Pod
- Execute operation
Note: The application gracefully handles missing Kubernetes configuration by showing informative messages while keeping the UI functional.
| Operation | Description | Use Case |
|---|---|---|
| Scale Up | Increase replica count (1-10) | Handle increased load |
| Scale Down | Reduce replicas to zero | Save resources during low traffic |
| Operation | Description | Use Case |
|---|---|---|
| Delete Pod | Remove selected pod(s) | Restart failed pods, cleanup |
- Bcrypt password hashing
- Cookie-based session management
- Pre-authorized email validation
- Namespace-scoped operations (prevents accidental cluster-wide changes)
Symptom: Application shows "Kubernetes not configured" warning and dropdowns are empty
Solution: This is expected behavior when kubeconfig is not configured. The application will still load the UI.
# Add your kubeconfig file
cp ~/.kube/config config/k8sconfig.txt
# Or regenerate kubeconfig using your cloud provider CLISymptom: Application shows credential file error message
Solution:
# Verify config files exist
ls -la config/
# Expected files:
# - config.json (application settings)
# - credential.yaml (user credentials)
# - k8sconfig.txt (Kubernetes configuration - optional for UI to load)Symptom: Warning message about invalid kubeconfig
Solution:
# Test kubeconfig with kubectl
kubectl --kubeconfig=config/k8sconfig.txt get namespaces
# If this fails, regenerate kubeconfig using cloud provider CLISymptom: Cannot log in with credentials
Solution:
- Verify
credential.yamlpassword hash is correctly formatted - Ensure
password_hashing_flagis set to"False"after initial setup - Check username matches exactly (case-sensitive)
Symptom: Namespace dropdown shows info message but no options
Solution:
- This is normal if Kubernetes is not configured - the app shows an info message
- Verify cluster connection:
kubectl cluster-info - Check user has RBAC permissions to list namespaces
- Ensure kubeconfig context is set correctly
Symptom: No log files created in logs/ directory
Solution:
# Check directory permissions
mkdir -p logs
chmod 755 logs
# Verify logging configuration in config.jsonSymptom: ImportError for streamlit, kubernetes, etc.
Solution:
# Ensure virtual environment is activated
# Reinstall dependencies
pip install -r requirements.txt --upgradeView application logs:
# Real-time log monitoring
tail -f logs/app.log
# Search for errors
grep "ERROR" logs/app.log
# View recent logs
cat logs/app.log | tail -50The application follows a modular architecture:
main_application.py # Entry point, authentication, routing
├── common/
│ ├── common_component.py # Shared UI components
│ └── logging_config.py # Logging setup
└── scripts/
├── deployment_page.py # Deployment operations
└── pod_page.py # Pod operations
-
Create new operation page:
- Add file in
scripts/directory - Implement page function with
v1anda1parameters - Add navigation in
main_application.py
- Add file in
-
Add common components:
- Extend
CommonComponentclass incommon/common_component.py - Document with Google-style docstrings
- Extend
-
Update configuration:
- Add settings to
config/config.json - Document in README.md Configuration Reference
- Add settings to
- Type Hints: All functions use Python 3.10+ type hints
- Docstrings: Google-style docstrings for all public functions
- Logging: Comprehensive logging at INFO and ERROR levels
- Error Handling: Try-except blocks with user-friendly messages
-
Find an Issue: Browse open issues
-
Claim an Issue: Comment: "Can I work on this?" on the issue
-
Fork and Clone:
git clone https://github.com/YOUR_USERNAME/K8s-Control-Panel-Using-Streamlit.git cd K8s-Control-Panel-Using-Streamlit -
Create a Branch:
git checkout -b feature/issue-123-short-description
-
Make Changes:
- Follow existing code style
- Add type hints and docstrings
- Test thoroughly
-
Commit and Push:
git add . git commit -m "Fixes #123: Brief description of changes" git push origin feature/issue-123-short-description
-
Create Pull Request:
- Title format:
Fixes #123: Issue Title - Include description of changes
- Reference related issues
- Title format:
- Title:
Fixes #IssueNo: Description - Description: Explain what changes were made and why
- Tests: Verify functionality manually
- Documentation: Update README if adding features
- Code Style: Follow PEP 8 and project conventions
-
Kubeconfig Security:
- Never commit
k8sconfig.txtto version control - Use service accounts with minimal RBAC permissions
- Rotate credentials regularly
- Never commit
-
Password Management:
- Use strong, unique passwords
- Store password hashes securely
- Enable
password_hashing_flagonly during initial setup
-
Network Security:
- Run application behind firewall for production use
- Use HTTPS in production (configure Streamlit server)
- Restrict access to trusted IPs
-
Logging:
- Review logs regularly for suspicious activity
- Implement log rotation (configured by default)
- Avoid logging sensitive information
Create a dedicated service account with minimal permissions:
apiVersion: v1
kind: ServiceAccount
metadata:
name: k8s-control-panel
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: k8s-control-panel-role
namespace: default
rules:
- apiGroups: [""]
resources: ["pods", "namespaces"]
verbs: ["get", "list", "delete"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: k8s-control-panel-binding
namespace: default
subjects:
- kind: ServiceAccount
name: k8s-control-panel
roleRef:
kind: Role
name: k8s-control-panel-role
apiGroup: rbac.authorization.k8s.ioPlanned features for upcoming releases:
-
Pod Resource Management:
- Update CPU limits
- Update memory limits
- Resource quota visualization
-
Additional Operations:
- Service management
- ConfigMap editing
- Secret management
- Ingress configuration
-
Monitoring Integration:
- Real-time pod metrics
- Deployment history
- Resource utilization charts
-
Multi-Cluster Support:
- Switch between clusters
- Context management
- Cluster health dashboard
-
Enhanced Security:
- Multi-factor authentication
- Role-based access control
- Audit logging
This project is licensed under the MIT License - see the LICENSE file for details.
For issues, questions, or contributions:
- Bug Reports: GitHub Issues
- Discussions: GitHub Discussions tab
- Email: jaypatel15406@gmail.com
- Streamlit - Web framework for Python
- Kubernetes Python Client - Official Kubernetes Python SDK
- Streamlit Option Menu - Navigation menu component
- Streamlit Authenticator - User authentication (PyPI)