Manage remote debugging sessions on K8s

Configure and control secure, real-time access for WEKA Customer Success Team to troubleshoot cluster issues using charts/wekahome/values.yaml on K8s deployment.

Overview

Collaborate with the WEKA Customer Success Team (CST) by establishing secure debugging sessions. When deploying the Local WEKA Home (LWH) on Kubernetes, you enable remote access by overriding chart values to define one deployment per session within the remoteSessionClient.sessions block. This configuration allows you to grant WEKA CST controlled access to your environment to troubleshoot issues in real time through SSH (tmate) sessions.

Configure remote access sessions

Configure the LWH Helm chart to enable and define remote session clients for Kubernetes clusters.

Before you begin

Ensure the LWH Helm chart is available.
Generate an SSH RSA key pair (id_rsa and id_rsa.pub).
Identify the Cluster UUID from LWH for each cluster requiring access.

Procedure

Create the SSH keys secret: Create a Kubernetes secret in the same namespace as the LWH release. The client mounts this secret at /root/.ssh.

kubectl create secret generic remote-session-ssh-keys \
  --from-file=id_rsa=/path/to/id_rsa \
  --from-file=id_rsa.pub=/path/to/id_rsa.pub \
  -n <wekahome-namespace>

Define session parameters in the values file: Update your values.yaml overrides to enable the client and define at least one session.

remoteSessionClient:
  enabled: true
  recordings:
    size: 10Gi
    accessMode: ReadWriteMany
  sessions:
    - name: "prod-cluster-1"
      clusterID: "550e8400-e29b-41d4-a716-446655440001"
      clusterName: "prod-cluster-1"
      sshKeysSecretName: "remote-session-ssh-keys"

Apply the configuration: Deploy the changes using your preferred method (for example, helm upgrade, ArgoCD sync, or Flux reconciliation).

Remote session client configuration reference

The following table details the parameters available for the remoteSessionClient configuration in the values.yaml file.

Required parameters are marked with an asterisk (*); all other parameters are optional.

Parameter

Description

remoteSessionClient.sessions[].name*

Unique session name used in the Process name.

remoteSessionClient.sessions[].clusterID*

The UUID of the cluster.

remoteSessionClient.sessions[].clusterName*

Human-readable name. Maximum 63 characters.

remoteSessionClient.sessions[].sshKeysSecretName*

Name of the secret containing the SSH keys.

remoteSessionClient.enabled

When set to true, the recording PVC is created even if no remote sessions are defined. Defining sessions is optional. If the session list is empty, no recordings occur.

If all sessions are removed while this option remains enabled, the recording PVC is retained. Default: false

remoteSessionClient.recordings.storageClass

Storage class for recordings PVC. Default: ""

remoteSessionClient.recordings.size

Size of the recordings PVC. Default: 10Gi

remoteSessionClient.recordings.accessMode

Access mode for recordings. Use ReadWriteMany for multi-server deployments.

Default: ReadWriteMany

remoteSessionClient.sessions

List of session objects. At least one is required if enabled.

Default: []

remoteSessionClient.sessions[].hostName

Overrides the default container hostname.

remoteSessionClient.sessions[].terminalCols

Terminal width in columns. Default: 158

remoteSessionClient.sessions[].terminalLines

Terminal height in lines. Default: 35

remoteSessionClient.sessions[].debug

Set to true to enable debug logging for the session. Default: false

remoteSessionClient.sessions[].tmateServer

Custom tmate server configuration object.

remoteSessionClient.cloudURL

The LWH API endpoint. Default: https://api.home.weka.io

Related information

charts/wekahome/values.yaml

Multiple session configuration example

Define multiple sessions by adding entries to the sessions list. Each session creates a dedicated Process to manage the connection for a specific cluster.

Example:

remoteSessionClient:
  enabled: true
  sessions:
    - name: "prod-cluster-1"
      clusterID: "550e8400-e29b-41d4-a716-446655440001"
      clusterName: "prod-cluster-1"
      sshKeysSecretName: "remote-session-ssh-keys"
    - name: "prod-cluster-2"
      clusterID: "550e8400-e29b-41d4-a716-446655440002"
      clusterName: "prod-cluster-2"
      sshKeysSecretName: "remote-session-ssh-keys"
      debug: true
      terminalCols: 158
      terminalLines: 35

Custom tmate server configuration

If the deployment requires a private tmate server instead of the default, define the tmateServer object. All sub-fields are required when this object is used.

Example:

- name: "my-cluster-session"
      clusterID: "550e8400-e29b-41d4-a716-446655440000"
      clusterName: "my-weka-cluster"
      sshKeysSecretName: "remote-session-ssh-keys"
      tmateServer:  # Custom tmate server (all sub-fields required if set)
        host: "tmate.example.com" 
        port: 22
        rsaFingerprint: "SHA256:..."
        ed25519Fingerprint: "SHA256:..."
        ecdsaFingerprint: "SHA256:..."

Parameter

Description

host

Hostname of the custom tmate server.

port

Connection port (typically 22).

rsaFingerprint

RSA fingerprint of the server.

ed25519Fingerprint

Ed25519 fingerprint of the server.

ecdsaFingerprint

ECDSA fingerprint of the server.

PreviousDeploy Local WEKA Home on K8s NextDeploy Local WEKA Home on K3s

Last updated 28 days ago

hashtagOverview

hashtagConfigure remote access sessions

hashtagRemote session client configuration reference

hashtagMultiple session configuration example

hashtagCustom tmate server configuration

Overview

Configure remote access sessions

Remote session client configuration reference

Multiple session configuration example

Custom tmate server configuration