Let us take a dig into Kubevious
In this post, we will discuss a tool name "Kubevious"
Visualizing Kubernetes is something that everyone wants, the more good the visualization, the more it gets adopted by the community. Tools that help to view/debug the issues/configurations right in front of the screen make the life of dev/ops people easy.
There are Different Tools as of today that do the visualization, but I found Kubevious to be different. Along with the visualizations, it also shows the misconfigured labels for the pods-services, instantly shows the RBAC roles/permissions for the service accounts. Sounds Exciting? Let us dive in and see it in action.
For this tutorial, we will install Kubevious to a managed k3s cluster (powered by civo cloud)
After creating a k3s cluster, save the kubeconfig locally, to check if the cluster is ready and running.
kubectl get nodes
NAME STATUS ROLES AGE VERSION
kube-node-ee97 Ready <none> 61m v1.18.6+k3s1
kube-master-650d Ready master 62m v1.18.6+k3s1
kube-node-b70a Ready <none> 61m v1.18.6+k3s1
Now you can deploy Kubevious to the Kubernetes cluster via helm charts easily (make sure to have helm installed locally )
kubectl create namespace kubevious
helm repo add kubevious https://helm.kubevious.io
"kubevious" has been added to your repositories
helm upgrade --atomic -i -n kubevious --kubeconfig=config --version 0.6.36 --set ingress.enabled=true kubevious kubevious/kubevious
Release "kubevious" does not exist. Installing it now.
LAST DEPLOYED: Tue Aug 25 19:32:38 2020
TEST SUITE: None
Hooray!! Kubevious installed in seconds within the cluster. Let us see how we can access the dashboard
kubectl get pods -n kubevious
NAME READY STATUS RESTARTS AGE
pod/kubevious-ui-68668b4489-bjsqs 1/1 Running 0 4m37s
pod/kubevious-parser-84cfb9b8d9-slw6z 1/1 Running 0 4m37s
pod/kubevious-6b4786796b-s77hw 1/1 Running 0 4m37s
pod/kubevious-mysql-0 1/1 Running 0 4m37s
kubectl get ingress -n kubevious
NAME CLASS HOSTS ADDRESS PORTS AGE
kubevious <none> * 188.8.131.52 80 2m57s
kubectl get svc -n kube-system | grep traefik
traefik-prometheus ClusterIP 192.168.149.96 <none> 9100/TCP 76m
traefik LoadBalancer 192.168.179.129 184.108.40.206 80:30078/TCP,443:32162/TCP 76m
You can directly access the Kubevious UI by hitting the External IP of Traefik and the port that points to port 80. in this case, it would be 220.127.116.11:30078
Below is the First UI that you get to see :
As you can see, it lists all the namespaces with its configurations (Roles, RoleBindings, ClusterRole, ClusterRoleBindings, Applications deployed in that namespace)
So if you see any warning signs or any red signs you can see that the alerts section will be populated with a reason for it.
You will also be able to view the complete visualization of RBAC - roles and role bindings of in a single view that gives the information on what is the access control level.
You can also see the list of deployed resources, their deployment information, and labels/selector for the service/pod. This is important for rectifying issues on the fly by viewing in the UI. Consider the below scenario:
Say you deploy an nginx app and expose it as a service and while creating the service you didn't specify the labels properly.
kubectl run nginx --image=nginx --replicas=2
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
#Create a Nodeport service and change the app label (in order to create the above scenario )
kubectl expose deployment/nginx --port=80 --type=NodePort
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.128.1 <none> 443/TCP 155m
nginx NodePort 192.168.220.191 <none> 80:32485/TCP 2s
kubectl edit svc nginx
#change the selector as below image
Let us check the Kubevious UI now for the default namespace and you can see that service selector is not able to find any apps.
Now, this becomes very helpful if you find any mismatch in the labels/selectors which is a common mistake.
Also, there is a very interesting feature called Time Machine Say that you have fixed the error now but in the Time Machine, you can view what the error was in past simply by dragging to a specific time window. Below I am showing 2 views -> wrong selector and correct selector
So, In my opinion, Kubevious really helps you to dig into your cluster especially the RBAC portions and also helps you debug the label/selector problem easily. For more information and features like Blast radius, universal search you can visit the official GitHub Repository: github.com/kubevious/kubevious.