Let us take a dig into Kubevious

Let us take a dig into Kubevious

In this post, we will discuss a tool name "Kubevious"

Visualizing Kubernetes is something that everyone wants, the more good the visualization, the more it gets adopted by the community. Tools that help to view/debug the issues/configurations right in front of the screen make the life of dev/ops people easy.

There are Different Tools as of today that do the visualization, but I found Kubevious to be different. Along with the visualizations, it also shows the misconfigured labels for the pods-services, instantly shows the RBAC roles/permissions for the service accounts. Sounds Exciting? Let us dive in and see it in action.

For this tutorial, we will install Kubevious to a managed k3s cluster (powered by civo cloud)

After creating a k3s cluster, save the kubeconfig locally, to check if the cluster is ready and running.

kubectl get nodes
NAME               STATUS   ROLES    AGE   VERSION
kube-node-ee97     Ready    <none>   61m   v1.18.6+k3s1
kube-master-650d   Ready    master   62m   v1.18.6+k3s1
kube-node-b70a     Ready    <none>   61m   v1.18.6+k3s1

Now you can deploy Kubevious to the Kubernetes cluster via helm charts easily (make sure to have helm installed locally )


kubectl create namespace kubevious
namespace/kubevious created


helm repo add kubevious https://helm.kubevious.io
"kubevious" has been added to your repositories

helm upgrade --atomic -i -n kubevious  --kubeconfig=config   --version 0.6.36     --set ingress.enabled=true     kubevious kubevious/kubevious 
Release "kubevious" does not exist. Installing it now.
NAME: kubevious
LAST DEPLOYED: Tue Aug 25 19:32:38 2020
NAMESPACE: kubevious
STATUS: deployed
REVISION: 1
TEST SUITE: None

Hooray!! Kubevious installed in seconds within the cluster. Let us see how we can access the dashboard

kubectl get pods -n kubevious
NAME                                    READY   STATUS    RESTARTS   AGE
pod/kubevious-ui-68668b4489-bjsqs       1/1     Running   0          4m37s
pod/kubevious-parser-84cfb9b8d9-slw6z   1/1     Running   0          4m37s
pod/kubevious-6b4786796b-s77hw          1/1     Running   0          4m37s
pod/kubevious-mysql-0                   1/1     Running   0          4m37s

kubectl get ingress -n kubevious
NAME        CLASS    HOSTS   ADDRESS         PORTS   AGE
kubevious   <none>   *       91.211.152.29   80      2m57s

kubectl get svc -n kube-system | grep traefik
traefik-prometheus   ClusterIP      192.168.149.96    <none>          9100/TCP                     76m
traefik              LoadBalancer   192.168.179.129   91.211.152.29   80:30078/TCP,443:32162/TCP   76m

You can directly access the Kubevious UI by hitting the External IP of Traefik and the port that points to port 80. in this case, it would be 91.211.152.29:30078

Below is the First UI that you get to see :

image.png

As you can see, it lists all the namespaces with its configurations (Roles, RoleBindings, ClusterRole, ClusterRoleBindings, Applications deployed in that namespace)

image.png

So if you see any warning signs or any red signs you can see that the alerts section will be populated with a reason for it.

image.png

You will also be able to view the complete visualization of RBAC - roles and role bindings of in a single view that gives the information on what is the access control level.

image.png

image.png

You can also see the list of deployed resources, their deployment information, and labels/selector for the service/pod. This is important for rectifying issues on the fly by viewing in the UI. Consider the below scenario:

Say you deploy an nginx app and expose it as a service and while creating the service you didn't specify the labels properly.

kubectl run nginx --image=nginx --replicas=2
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx created

#Create a Nodeport service and change the app label (in order to create the above scenario )
kubectl expose deployment/nginx --port=80 --type=NodePort
service/nginx exposed
kubectl get svc
NAME         TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   192.168.128.1     <none>        443/TCP        155m
nginx        NodePort    192.168.220.191   <none>        80:32485/TCP   2s

kubectl edit svc nginx 
#change the selector as below image

image.png

Let us check the Kubevious UI now for the default namespace and you can see that service selector is not able to find any apps.

image.png

Now, this becomes very helpful if you find any mismatch in the labels/selectors which is a common mistake.

Also, there is a very interesting feature called Time Machine Say that you have fixed the error now but in the Time Machine, you can view what the error was in past simply by dragging to a specific time window. Below I am showing 2 views -> wrong selector and correct selector

image.png

image.png

So, In my opinion, Kubevious really helps you to dig into your cluster especially the RBAC portions and also helps you debug the label/selector problem easily. For more information and features like Blast radius, universal search you can visit the official GitHub Repository: github.com/kubevious/kubevious.

Saiyam Pathak
[CKA | CKAD | CNCF Ambassador]
Youtube
Twitter