Lens 5.0 beta delivers new tools for organizing resources and accelerating work, including Lens Spaces: a secure, cloud-based enhancement for simplifying access control to Kubernetes clusters, anywhere
We’re steadily progressing toward the next major release of Lens. Today, Mirantis and Team Lens are introducing Lens 5 beta — adding significant new functionality to Lens, including a new way of sharing access to Kubernetes clusters. As always, our goal with Lens is to speed and simplify work with Kubernetes. We think we’re on the right track, but the current release’s Beta designation means we’re eager for you to try this new version of Lens, and we hope you’ll provide feedback!
The most important new feature of Lens 5.0 is Lens Spaces — a cloud service that works seamlessly with Lens to provide an integrated environment for teaming, participation, and access control around Kubernetes.
You can sign up for and access Spaces from within the Lens client (see illustration). Once logged in, you can list clusters to which you have access — granted either by yourself, or by others — and click to connect with them.
Lens 5.0 lists clusters you can access, and locates them on a world map.
Accessing clusters through Spaces is simpler and faster than using Lens to browse for a local kubeconfig, or cutting and pasting one (the normal way to tell Lens how to connect with a new cluster). But the effect is the same: you enjoy exactly the same (or a customizable subset of) access privileges (and restrictions) an administrator would normally set up for you using RBAC and roles and access control (which still govern your access). But you can access clusters without searching for, downloading, emailing, or otherwise fiddling with kubeconfigs (or with port forwarding, tunneling, VPNs, or other complications required for secure networking).
It’s easy to create new Spaces, and see Spaces of which you’re a member.
Administrators can permit secure access to their clusters through Cluster Connect. A lightweight agent is installed automatically to clusters administrators wish to share. The agent sponsors an outbound connection to the Spaces service, which works as a secure proxy. Cluster Connect lets you connect any of your Kubernetes clusters to your Lens Space without requiring port enablement on firewalls, use of VPNs, tunneling, or other hassles.
Administrators can then create secure “Spaces,” where clusters and users can be placed: add a user in the same space as a given cluster, and you’ve given them access. Just as easily, access can be revoked for individual users, or for all users by simply removing the cluster from one or more Spaces.
For much more granular access control, meanwhile, Lens Spaces admins can also pre-define specific permissions for each user and team for each cluster they share a Space with. It’s a very sleek and intuitive metaphor that (we think) will help accelerate work and improve security — both my minimizing human error and by letting you fix mistakes (like giving access to a cluster to the wrong team) quickly and easily.
Cluster Connect utilizes end-to-end encryption (BoreD, a new OSS project developed by team Lens) to secure connections between users and clusters, providing VPN-like security for all data in motion between users and clusters.
As it stands today, this is just the beginning for Lens Spaces. We will continually add new features and functionality to help our users increase productivity not only when working with Kubernetes, but any and all cloud-native technologies!
Also new to Lens 5.0, we’re excited to introduce Catalog: a new UI component that lets you collect Kubernetes clusters along with custom Lens views, weblinks, services, tools, pipelines, automations, and other related resources to make them accessible with single clicks. You can create catalogs for your own projects within Lens, organizing your own tools and clusters in as many contexts as you need to work efficiently. Lens Spaces administrators, meanwhile, can create centralized catalogs accessible to all members in a Space — simplifying onboarding, orientation, and standardization of tools and methods across teams and projects.
After many discussions with Lens and Kubernetes users, we’ve come to understand that people need help building workflows that improve efficiency: a complex and time-consuming task. To help improve user experience when working with Kubernetes, we are introducing Lens HotBar — a way of building and using “workflows” and automations within the Lens desktop application.
Items in the Hotbar can be customized by assigning different labels, colors, and icons for easy recall. Items can also be arranged, for example, to prioritize or perform actions in a specific sequence. Users can create and cycle through multiple Hotbars allowing for different profiles or workspaces when using Lens. Users can also drag and drop specific clusters, automation, and views from a Catalog into a Lens HotBar, enabling personalization and customization of asset collections assembled (and/or shared) using Catalog on the desktop, or via Lens Spaces.
To Our Community
We want to make a few things very clear to our community of users:
- Most new features of Lens 5.0 work without Spaces, and Lens will continue to be developed to work well as a stand-alone tool.
- Participation in Spaces is not obligatory to use Lens.
- We’re scaling out Lens Spaces while taking care to grow and govern the service carefully: preserving user privacy and security, and ensuring a good user experience.
We’re releasing this service as a beta because we want to leave ourselves room to experiment, and our community time to provide feedback. Before we set anything in stone, we want to make 100% sure we’re on the right track.
Please join us, and help shape Lens 5 beta (and other soon-to-be-announced Lens cloud-based services)! If you have any questions or feedback, please join our community slack channel.