Workbench and Cloud Shell are browser-based terminals that let you run kubectl commands to manage Container Service for Kubernetes (ACK) clusters without installing any local tools. When either tool starts, ACK automatically loads the kubeconfig file for the current user.
| Tool | Network access | When to use |
|---|---|---|
| [Workbench](https://www.alibabacloud.com/help/en/document_detail/108412.html) | Public network and internal network | Use when your cluster is accessible only over an internal network, or when you want a remote connection to an Elastic Compute Service (ECS) instance. |
| [Cloud Shell](https://www.alibabacloud.com/help/en/document_detail/90256.html) | Public network only | Use when your cluster has public network access enabled and you need a pre-configured Linux environment with common programming languages and command-line tools. |
Cloud Shell creates a Linux virtual machine (VM) that is valid for one hour. The VM is immediately terminated on expiration. If there are no interactive operations for 30 minutes, or if you close all session windows, the VM is terminated after 15 minutes. When you start Cloud Shell again, the system creates a new VM.
Prerequisites
Before you begin, make sure you have:
An ACK cluster. For clusters accessible over the public network, an elastic IP address (EIP) must be associated with the cluster's API server. See Control public access to the API server of an ACK cluster.
(For Resource Access Management (RAM) users) The required cluster management permissions, in addition to the system permissions required for Container Service. See Authorization.
(For Cloud Shell users who are RAM users) The
AliyunCloudShellFullAccesspermission. To create and attach an Apsara File Storage NAS file system, also grant theAliyunNASFullAccesspermission. See Grant permissions to a RAM user.
Connect using Workbench
Use this option if your cluster is accessible over an internal network or you do not need a pre-configured Linux environment.
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of the target cluster. In the left navigation pane, click Cluster Information.
On the Cluster Information page, click Manage Clusters Using Workbench in the upper-right corner.
In the terminal, run the following command to verify the connection:
kubectl get namespaceIf the connection is successful, the output lists your cluster namespaces. Verify that the STATUS of each namespace is Active:
NAME STATUS AGE default Active 3h14m kube-node-lease Active 3h14m kube-public Active 3h14m kube-system Active 3h14m
Connect using Cloud Shell
Use this option if your cluster has public network access enabled.
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of the target cluster. In the left navigation pane, click Cluster Information.
On the Cluster Information page, click Open Cloud Shell in the upper-right corner.
(Optional) Mount a NAS file system to persist your scripts and files across sessions. Without a mounted NAS file system, all files are lost when the Cloud Shell VM is terminated. To mount one, click
, click Mount File Storage, and follow the on-screen instructions.Run the following command to verify the connection:
kubectl get namespacesIf the connection is successful, the output lists your cluster namespaces. Verify that the STATUS of each namespace is Active:
NAME STATUS AGE default Active 3h14m kube-node-lease Active 3h14m kube-public Active 3h14m kube-system Active 3h14m
What's next
To manage kubeconfig credentials and reduce security risks from credential leaks, see Manage KubeConfig files.
To upload and download files in Cloud Shell, see Upload and download files.
To learn basic file operations in Workbench, see Basic operations in Workbench.