  • This article will introduce you to some awesome tools that can be coupled with Kubernetes to add more power to it.

    When working in a DevOps ecosystem, you will realize how important it is to have amazing DevOps tools to ease your manual load. Plenty of DevOps tools are available for every DevOps stage and different functionalities.

    Kubernetes is a must-have if you work in the DevOps domain and run your apps inside containers. There are hundreds of tools out there that work in conjunction with Kubernetes to add more features: tools for better management, security, dashboards, and monitoring of the Kubernetes cluster.

    Here is a list of such amazing tools that add more power to your Kubernetes.

    Let’s get started!

    Helm

    Helm is a package manager for Kubernetes that makes it easy to package applications and services that are highly repeatable or used in many different scenarios and to deploy them to a typical Kubernetes cluster. Using Helm, you can find, share, and use software built for Kubernetes.

    It uses charts, called Helm Charts, to define, install, and upgrade complex Kubernetes applications.

    Helm Features:

    • Takes care of all Kubernetes application complexity using charts
    • Uses upgrades and custom hooks to update things easily.
    • Charts can be shared easily on public or private servers.
    • Easy rollback with just a single command
    • Improves developer productivity and enhances operational readiness

    Flagger

    Flagger is a Progressive Delivery Operator for Kubernetes.

    It automates the promotion of canary deployments using Istio, App Mesh, Nginx, Linkerd, Contour, Gloo, or Skipper routing for traffic shifting, and Prometheus for canary analysis. In a canary deployment, you roll out a release to a small group of users and test it; if it works fine, you roll out the release to everyone.

    It uses the service mesh that runs in your cluster to manage the traffic that goes between one deployment and another. To decide whether to shift traffic to the canary, it measures performance indicators like the average duration of requests, the success rate of HTTP requests, pod health, etc.

    Flagger can run automated application analysis, promotion, and rollback for several deployment strategies like Canary, A/B testing, and Blue/Green deployment.
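
    The promotion and rollback loop described above can be modelled in a few lines. This is an added example, not part of the original article and not Flagger's own code; the function name, parameter names, thresholds, and metric samples are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    success_rate: float  # percent of successful HTTP requests in the interval
    duration_ms: float   # average request duration in the interval

def run_canary(samples, step_weight=10, max_weight=50,
               min_success=99.0, max_duration_ms=500.0, threshold=3):
    """Simplified canary analysis: one metric sample per analysis interval.

    A healthy interval shifts step_weight percent more traffic to the canary.
    An unhealthy interval leaves the weight unchanged and counts as a failed
    check; after `threshold` failed checks all traffic returns to the primary.
    Returns (outcome, canary weight after each interval).
    """
    weight, failed, history = 0, 0, []
    for s in samples:
        healthy = (s.success_rate >= min_success
                   and s.duration_ms <= max_duration_ms)
        if healthy:
            weight = min(weight + step_weight, max_weight)
        else:
            failed += 1
            if failed >= threshold:
                history.append(0)  # rollback: canary receives no traffic
                return "rolled_back", history
        history.append(weight)
        if weight >= max_weight:
            return "promoted", history
    return "in_progress", history

# Constructed metric samples (hypothetical values).
GOOD = [Sample(99.8, 120)] * 5
BAD = [Sample(99.9, 110), Sample(97.0, 130),
       Sample(99.5, 900), Sample(95.0, 100)]

if __name__ == "__main__":
    print(run_canary(GOOD))
    print(run_canary(BAD))
```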

    Kubewatch

    Kubewatch is an open-source Kubernetes watcher that sends notifications to a Slack channel.

    It is written in Go and developed by Bitnami Labs. It monitors Kubernetes resources and notifies you if there is any change.

    You can install Kubewatch through kubectl or by using Helm charts. It is simple to understand and has a very easy-to-use interface. Other than Slack, it also supports HipChat, Mattermost, Flock, webhook, and SMTP.

    Depending on which Kubernetes resources you want to monitor, you can set true or false for those resources in the ConfigMap file. Once you set the Kubewatch configuration and run a pod, you will start receiving notifications on Kubernetes events.

    Gitkube

    Gitkube is a tool that uses git push for building and deploying Docker images on Kubernetes. It has three components: Remote, gitkube-controller, and gitkubed. Remote consists of custom resources that are managed by gitkube-controller. gitkube-controller sends the changes to gitkubed, which then builds the Docker image and deploys it.

    Gitkube features:

    • Easy to install, plug and play
    • Provides role-based access control for security
    • Simple to authenticate using a public key
    • Supports namespaces for multi-tenancy
    • No extra dependencies apart from kubectl and git

    kube-state-metrics

    kube-state-metrics is a service that generates metrics about the state of objects by listening to the Kubernetes API server. It is used to check the health of various objects such as nodes, pods, namespaces, and deployments. It gives you raw, unmodified data from the Kubernetes API.

    Below is the information that is provided by kube-state-metrics:

    • Cron jobs and job status
    • Status of the pods (ready, running, etc.)
    • Resource requests and their range
    • Node capacity and its status
    • Specification of replica sets

    Kamus

    Kamus is an open-source GitOps tool used for encrypting and decrypting secrets for Kubernetes applications. Secrets encrypted by Kamus can only be decrypted by applications running on the Kubernetes cluster. It supports AES, Google Cloud KMS, and Azure KeyVault for encrypting secrets. You can get started with Kamus using the Helm chart.

    Kamus comes with two utilities: Kamus CLI and Kamus init container. Kamus CLI integrates with the encrypt API, and the Kamus init container integrates with the decrypt API.

    Plain Kubernetes Secrets are not encrypted; they are only base64-encoded. You cannot keep them in Git as they are, because that is not secure: anybody with access to the repo will be able to decode and use these secrets. Hence, a proper encryption/decryption solution like Kamus is needed. Kamus also provides a threat model that covers the threats it handles to keep secrets secure.
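
    To show why base64 offers no protection, the check below reads a committed manifest and recovers every value from its Secret objects without any key. This is an added example, not part of the original article; the manifest, names, and values are constructed, and the parser is a simplified line-based one for flat manifests rather than a full YAML parser.

```python
import base64
import binascii
import re

# Constructed sample: manifests as they might sit in a Git repository.
MANIFEST = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: debug
---
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
data:
  username: YWRtaW4=
  password: czNjcjN0LXBhc3N3b3Jk
"""

def recover_secrets(manifest_text):
    """Return {secret_name: {key: decoded_value}} for each Secret document."""
    found = {}
    for doc in re.split(r"^---\s*$", manifest_text, flags=re.M):
        if not re.search(r"^kind:\s*Secret\s*$", doc, flags=re.M):
            continue  # ConfigMaps and other kinds are not reported
        name = re.search(r"^metadata:\n(?:[ \t]+.*\n)*?[ \t]+name:\s*(\S+)",
                         doc, flags=re.M)
        block = re.search(r"^data:\n((?:[ \t]+.*\n?)+)", doc, flags=re.M)
        values = {}
        for line in (block.group(1).splitlines() if block else []):
            key, _, raw = line.strip().partition(":")
            try:
                # No key is involved: decoding is all it takes to read it.
                values[key] = base64.b64decode(
                    raw.strip(), validate=True).decode("utf-8", "replace")
            except binascii.Error:
                values[key] = None  # value is not valid base64
        found[name.group(1) if name else "<unnamed>"] = values
    return found

if __name__ == "__main__":
    for secret, values in recover_secrets(MANIFEST).items():
        for key, value in values.items():
            print(f"{secret}/{key} = {value!r}")
```

    Run as a pre-commit or CI check, a non-empty result means a readable Secret is about to land in the repository.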

    Untrak

    Untrak is an open-source tool used in Kubernetes for finding untracked resources and garbage collecting them. It helps you find and delete untracked resources from the cluster.

    When your CI/CD pipeline applies manifests using kubectl apply or helm template, Kubernetes is unaware when an object is later deleted from the repository. Once the objects are deleted from the repository, they are no longer tracked in the delivery process but still reside on the Kubernetes cluster.

    It executes commands internally, using a simple config file, untrak.yaml, to find resources that are no longer part of your source code management.

    Scope

    Weave Scope is for visualizing, monitoring, and troubleshooting Docker and Kubernetes.

    It shows you a top-down view of your containerized application and the complete infrastructure, so you can easily identify and diagnose any problems.

    Running microservice architecture applications in Docker containers is not that easy. The components here are very dynamic and difficult to monitor. With Weave Scope, you can easily troubleshoot memory leaks, control CPU consumption, and visualize network bottlenecks.

    Scope features:

    • Helps you monitor your Docker containers in real-time
    • Provides easy navigation between processes running in the containers
    • Shows CPU and memory usage per host or per service
    • Restart, stop, or pause containers using the CLI without leaving the Scope browser window
    • Supports custom plugins to get more details on containers, processes, and hosts

    Kubernetes Dashboard

    Kubernetes Dashboard is a web interface provided by Kubernetes. It is used to deploy, troubleshoot, and manage containerized applications on a Kubernetes cluster. It gives all the information about a cluster, such as details on nodes, namespaces, roles, workloads, etc.

    You can deploy Kubernetes Dashboard with Helm charts or with the simple kubectl command below:

    kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml

    Kops

    Kops stands for Kubernetes operations, an open-source project used to set up production-ready Kubernetes clusters very easily and quickly. Kops can be used to deploy Kubernetes clusters on AWS and GCE primarily.

    A small Kubernetes cluster is easy to create and maintain, but when you scale your cluster, a lot of configuration gets added, and it becomes difficult to manage operationally. Kops is a tool that helps you solve such problems. It follows a configuration-driven approach where it keeps the cluster always up-to-date and safe.

    Kops also has many networking backends, and choosing one of them, depending on the use case, makes it easy for you to set up various types of clusters.

    cAdvisor

    cAdvisor is an open-source tool for monitoring containers. It is used to understand the performance characteristics and resource usage of the containers running on the cluster.

    It operates at the node level: it auto-discovers all the containers running on a particular node and collects memory, file system, CPU, and network statistics. It provides a web interface that shows the live data of all the containers in the cluster.

    To get started with cAdvisor, you need to run its Docker image google/cadvisor, and then you can access it at http://localhost:8080 in a web browser.

    Kubespray

    Kubespray is a free tool that has been created by combining Ansible playbooks and Kubernetes. It is used for Kubernetes cluster lifecycle management.

    By using Kubespray, you can deploy a cluster quickly and customize all the parameters of a cluster implementation like deployment modes, network plugins, DNS configuration, component versions, certificate generation methods, etc.

    By running just one simple Ansible playbook, you get your cluster up and running. You can easily scale or upgrade your Kubernetes cluster.

    K9s

    K9s is an open-source terminal-based tool, and its dashboard utility can do everything that a Kubernetes web UI does. It is used to navigate, observe, and manage the applications deployed on the Kubernetes cluster.

    K9s features:

    • Track your cluster in real-time
    • Customize the display on a per resource basis
    • Zoom in to cluster resource issues
    • Supports Role-based access control
    • Built-in benchmarks to validate resource performance

    Kubetail

    Kubetail is a simple bash script that is used to aggregate logs from multiple pods in one stream.

    Very handy!

    It helps you in debugging with ease.

    The latest Kubetail version also has highlighting and filtering features, which enable log coloring. Using Homebrew, you can install Kubetail with a single command. You can set default values in environment variables that Kubetail reads, such as KUBETAIL_NAMESPACE, KUBETAIL_TAIL, KUBETAIL_SKIP_COLORS, etc.

    PowerfulSeal

    PowerfulSeal is an open-source, powerful chaos engineering tool for Kubernetes clusters, written in Python.

    Chaos engineering is used to gain confidence in a system's capability to deal with problematic situations in production. PowerfulSeal injects failures into the Kubernetes cluster to identify issues in it as early as possible.

    It is inspired by Netflix Chaos Monkey and is used to improve Kubernetes' resiliency. Using PowerfulSeal, engineers knowingly try to break things on the cluster to check how the system reacts.

    PowerfulSeal works in three modes: Autonomous, Interactive, and Label.

    In autonomous mode, it executes scenarios by reading a policy file you provide. In interactive mode, it tells you about cluster components that you manually try to break. In label mode, you kill targeted objects on the cluster, like pods, using labels.

    Popeye

    Popeye is a cleaning utility that acts as a sanitizer 🧼 for Kubernetes clusters.

    It scans the complete cluster and reports back with issues related to configurations and resources. It helps you follow best practices on the Kubernetes cluster to stay away from common issues.

    This utility is available for Windows, Linux, and macOS. Currently, it works only with nodes, pods, namespaces, and services. Using Popeye, you can easily identify dead and unused resources, port mismatches, RBAC rules, metrics utilization, and much more.

    Conclusion

    DevOps tools play a vital role in success, and I hope the above helps you manage Kubernetes better.