Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from 0.96 through 0.99.
Kubernetes Cockpit Pod
The Kubernetes cluster admin interface is now deployable as a Kubernetes pod. Peter did a lot of work to make this happen. It’s a good example of taking just one part Cockpit, containerizing it and running it in a completely different environment.
You can use the commands listed in the documentation to run the pod. Here’s a demo:
Locking Down Cockpit with Content-Security-Policy
Content-Security-Policy is like SELinux in your browser. You declare what your application is allowed to do, and the browser prevents other things from happening, like cross site scripting attacks. Because the Cockpit JavaScript code has as much access to the system as the logged in user, Cockpit needs to make sure that attackers cannot sneak in JavaScript code into the browser session.
In the last few releases, a strict policy was applied to the network, Kubernetes, Docker, storage, and accounts parts of the interface, just a few more remaining before all of Cockpit is locked down in this way.
Debian Packages
Cockpit has been testing each change and release against Debian during continuous integration for a while. Lars recently added installable Debian binary packages for each release. We’re still looking for a DD maintainer to help take those tested packages and include them in Debian proper.
See the documentation for how to use the Cockpit Debian packages.
From the Future
The ability to troubleshoot SELinux in Cockpit is pretty exciting. Dominik has lots of the work in this area and it’s nearly ready. Watch the video below. Once it’s finished you’ll be able to just click a button to resolve many, or at least most, SELinux issues found on a server.
Garret designed a UI for using Docker with an LVM pool as you would on Atomic Host. That is: a UI for docker-storage-setup. I’m looking forward to this in Cockpit. Sneak peek here:
Try It Out
Cockpit 0.99 is available now: