KubeKanvas Logo
  • Features
  • Pricing
  • Templates
    • How KubeKanvas works
    • Docs
    • Downloads
    • Blog
    • E-Book
    • Tutorials
  • FAQs
  • Contact
  • Features
  • Pricing
  • Templates
    • How KubeKanvas works
    • Docs
    • Downloads
    • Blog
    • E-Book
    • Tutorials
  • FAQs
  • Contact
  • Overview
  • Installation & Upgrade
    • Why KubeKanvas CLI
    • Key Commands

Concepts

Why KubeKanvas CLI

KubeKanvas is a visual Kubernetes IDE that lets you design, configure, and deploy Kubernetes workloads using a drag-and-drop canvas. But how do your visual designs actually reach your Kubernetes clusters? That is where the KubeKanvas CLI comes in.

The Problem

Kubernetes clusters live in many environments — local development machines, private data centers, cloud providers, or air-gapped networks. A cloud-hosted IDE cannot directly access these clusters because:

  • Clusters are often behind firewalls and NAT without public ingress
  • Kubeconfig credentials should never leave your machine
  • Kubernetes Secrets must remain encrypted end-to-end
  • Teams need fine-grained control over which clusters are accessible

The Solution: CLI as a Cluster Agent

The KubeKanvas CLI acts as a lightweight agent running on any machine that has access to your Kubernetes clusters. Instead of the KubeKanvas platform reaching into your cluster, the CLI establishes an outbound connection to the KubeKanvas server and listens for deployment commands.

This architecture is similar to how CI/CD runners work — the agent runs inside your network, connects outward, and executes operations on your behalf.

Key principle: Your kubeconfig credentials and Kubernetes Secrets never leave your machine. The CLI operates locally and only receives instructions — not credentials — from the server.

Architecture Overview

  1. Design: You create Kubernetes resources (Deployments, Services, Ingresses, ConfigMaps, etc.) visually in the KubeKanvas IDE canvas
  2. Generate: The platform automatically generates Helm charts from your visual design
  3. Command: When you click “Deploy”, a deployment command is sent to your CLI agent
  4. Execute: The CLI receives the command, downloads the Helm chart, and runs helm install / helm upgrade against your cluster
  5. Report: Status updates flow back to the IDE so you see deployment progress in real time

Security Model

  • Secure authentication — The CLI authenticates via a secure browser-based flow (no password stored locally)
  • Token-based sessions — Authentication tokens are stored in your operating system's secure keychain, not in plain-text files
  • End-to-end encryption — Kubernetes Secrets are encrypted with asymmetric keys; only the CLI holding the private key can decrypt them
  • Outbound-only connections — No inbound ports need to be opened on your network

Core Workflow

The KubeKanvas CLI workflow follows four sequential stages:

  1. Login — Authenticate with your KubeKanvas account
  2. Configure — Discover Kubernetes clusters from your kubeconfig, test connectivity, and register them with KubeKanvas
  3. Connect — Establish a persistent connection and start listening for deployment commands
  4. Deploy — Click deploy in the KubeKanvas IDE and watch your Helm charts roll out to your clusters in real time

Next: Learn about the most important CLI commands and how they work together.

KubeKanvas Logo
Visual Kubernetes cluster design tool that helps you create, manage, and deploy your applications with ease.
Product
  • Features
  • Pricing
  • Templates
Resources
  • Blog
  • Tutorials
Company
  • About Us
  • Contact
  • Terms of Service
  • Privacy Policy
  • Impressum
XGitHubLinkedIn
© 2026 KubeKanvas. All rights reserved.