The standard Command Line Interface for Kubernetes ( kubectl) is a very powerful tool for debugging or monitoring purposes. It is very inefficient, but just if you want to get a high-level overview of your Kubernetes cluster or want to work with multiple resources at the same time.
Kubernetes的标准命令行界面( kubectl )是用于调试或监视的非常强大的工具。 这是非常低效的,但是只是当您想对Kubernetes集群有一个高层次的概述或想同时使用多个资源时。
A large number of graphical Kubernetes dashboards exist today and chances are that you already used the default Kubernetes dashboard or the one that comes with your cloud provider. All of these dashboards are similar in the way they group information (a simple hierarchy for namespaces/resources) and cannot be easily used for answering generic questions regarding your cluster.
今天,存在大量的图形Kubernetes仪表板,并且很有可能您已经使用了默认的Kubernetes仪表板或您的云提供商随附的仪表板。 所有这些仪表板的分组信息方式(名称空间/资源的简单层次结构)相似,并且不能轻松地用于回答有关集群的一般性问题。
As an example, let’s say that you have a large Kubernetes cluster and you want to answer questions such as the following in a timely manner:
例如,假设您有一个大型的Kubernetes集群,并且想及时回答以下问题:
- Can you quickly locate all pods that don’t have resource limits? 您可以快速找到所有没有资源限制的Pod吗?
- Can you quickly find role-bindings that are not actively used? 您可以快速找到未被积极使用的角色绑定吗?
- Can you quickly find which namespace gets the most resources in the cluster? 您可以快速找到哪个名称空间在集群中获取最多的资源吗?
- Can you quickly locate which images use the “latest” tag? 您能否快速找到使用“最新”标签的图像?
When faced with these questions, cluster operators are typically faced with a choice. Either you can spend a lot of time with kubectl (the familiar play-10-questions game) or you can create ad hoc scripts or tools that probe the cluster and try to find these specific issues.
面对这些问题,集群运营商通常会面临选择。 您可以花很多时间在kubectl(熟悉的play-10-questions游戏)上,也可以创建临时脚本或工具来探索集群并尝试发现这些特定问题。
Wouldn’t it be nice if a graphical tool could answer these questions for you right away? Wouldn’t it also be even nicer if you could input your own questions on the spot instead of creating ad hoc scripts and tools whenever a new question comes up?
如果图形工具可以立即为您回答这些问题,那不是很好吗? 如果您可以在现场输入自己的问题而不是在出现新问题时创建临时脚本和工具,那还会更好吗?
This missing graphical tool is Kubevious. You can see a live demo of it at https://demo.kubevious.io/ or see its source code at https://github.com/kubevious/kubevious
这个缺少的图形工具是Kubevious。 你可以看到它的现场演示https://demo.kubevious.io/或看它的源代码在https://github.com/kubevious/kubevious
重新思考Kubernetes仪表板的功能 (Rethinking the capabilities of a Kubernetes dashboard)
Kubevious is a new Kubernetes dashboard that is a bit smarter when it comes to reasoning about Kubernetes resources. It has many groundbreaking features, but in this post, we will focus on its powerful rule engine that allows you to search and mark Kubernetes resources according to custom rules.
Kubevious是一个新的Kubernetes仪表板,在推理Kubernetes资源时更加智能。 它具有许多突破性的功能,但是在本文中,我们将重点介绍其强大的规则引擎,该引擎可让您根据自定义规则搜索和标记Kubernetes资源。
Kubevious has a hierarchical layout that will be familiar to you as it groups objects per namespace and hangs them in a tree structure directly under a namespace. The true magic happens, however, when you realize that Kubevious is performing extra analysis on each type of resource and “marks” it according to built-in or custom rules.
Kubevious具有层次结构,您会熟悉该结构,因为它按名称空间对对象进行分组并将它们直接挂在名称空间下的树结构中。 但是,当您意识到Kubevious正在对每种类型的资源执行额外的分析并根据内置或自定义规则对其进行“标记”时,真正的魔力就会发生。
For example, out of the box, you will see a “spy” icon on objects that have API access to the cluster itself outside of their own namespace.
例如,开箱即用,您将在对自己的名称空间之外的集群本身具有API访问权限的对象上看到一个“间谍”图标。
Having this type of information readily available on big clusters is very important as it cuts down considerably the amount of time spent on manual kubectl commands.
在大型群集上容易获得此类信息非常重要,因为它可以大大减少手动kubectl命令所花费的时间。
Kubevious has several other built-in markers that you might find useful. As an example you can find easily unused cluster bindings:
Kubevious还有其他一些内置标记,您可能会觉得有用。 例如,您可以轻松找到未使用的集群绑定:
More importantly, it also allows you to create your own rules for your specific business needs.
更重要的是,它还允许您为特定的业务需求创建自己的规则。
关于Kubernetes资源的推理 (Reasoning about Kubernetes resources)
Kubevious comes with its own rule engine that allows you to locate Kubernetes resources with the characteristics that you define. The rule Editor is also part of the GUI:
Kubevious带有自己的规则引擎,可让您使用定义的特征来定位Kubernetes资源。 规则编辑器也是GUI的一部分:
Each rule is defined in a simple language called Kubik with a Javascript-like syntax. For each rule, you define the body of the rule (what Kubernetes resource to look for) along with a marker (what to do with the affected resource). Markers are a combination of icon, name, and color that you can use to tag affected objects.
每个规则都用一种称为Kubik的简单语言定义,并具有类似Javascript的语法。 对于每个规则,您定义规则的主体(要查找的Kubernetes资源)以及标记(与受影响的资源有关)。 标记是图标,名称和颜色的组合,可用于标记受影响的对象。
There is already a library of existing rules that you can reuse in your cluster. For example, you can quickly locate pods without resource limits:
现有的规则库已经可以在集群中重用。 例如,您可以快速定位没有资源限制的窗格:
Here is the rule definition:
这是规则定义:
for(var container of item.config.spec.containers)
{
if (!container.resources.limit)
{
warning('No resource limit set');
}
}As another example let’s find a namespace with resources that eat more that 40% of CPU or memory
作为另一个示例,让我们找到一个名称空间,其中的资源占用的CPU或内存超过40%
select('Namespace')
.filter(({item}) => {
const cpu = item.getProperties('cluster-consumption').cpu;
const memory = item.getProperties('cluster-consumption').memory;
return (unit.percentage(cpu) >= 40) ||
(unit.percentage(memory) >= 40);
})Rules are edited with the live editor from the GUI and saved instantly on the cluster itself. No additional tool is needed for managing rules.
使用实时编辑器从GUI编辑规则,并立即将其保存在集群本身中。 不需要其他工具来管理规则。
You can find more information about the Rule Engine on the documentation page.
您可以在文档页面上找到有关规则引擎的更多信息。
交叉检查和资源关联 (Cross-checks and resource correlations)
The other impressive feature of Kubevious is the correlation between different Kubernetes resources. After you create a rule that matches a certain number of resources, you don’t have to manually scroll your viewport trying to find which of them are a match.
Kubevious的另一个令人印象深刻的功能是不同Kubernetes资源之间的关联。 创建与特定数量的资源匹配的规则后,无需手动滚动视口即可查找匹配的资源。
The rule GUI provides you with a direct report on what resources are affected.
规则GUI为您提供有关受影响的资源的直接报告。
Clicking on any of the affected resources focuses the dashboard on that resource.
单击任何受影响的资源将仪表板集中在该资源上。
This correlation capability is ever-present in several other facilities of Kubevious. For example, if Kubevious can detect shared data between certain resources it will allow you to see all of them in a single place.
这种关联能力在Kubevious的其他几个设施中始终存在。 例如,如果Kubevious可以检测某些资源之间的共享数据,它将使您可以在单个位置查看所有资源。
This feature makes it very easy to see the “blast radius” of your changes. One very common configuration issue with deployments is changing a setting/resource and not understanding all the other applications it will affect. Seeing beforehand what will be affected after a configuration change is a very welcome feature that makes navigating a large cluster much easier.
此功能使查看更改的“爆炸半径”变得非常容易。 部署中一个非常常见的配置问题是更改设置/资源,而不是了解它将影响的所有其他应用程序。 一个非常受欢迎的功能是预先了解配置更改后将受到的影响,这使得导航大型群集变得更加容易。
结论 (Conclusion)
The rules engine is just one of the features offered by Kubevious. Kubevious has several other interesting features such as a full-text search for all cluster resources as well as a time machine for detecting configuration changes. If you manage big clusters and don’t want to play the questions game with kubectl anymore, then Kubevious is straightforward to install and monitor in your cluster.
规则引擎只是Kubevious提供的功能之一。 Kubevious还具有其他一些有趣的功能,例如对所有群集资源的全文本搜索以及用于检测配置更改的时间机器 。 如果您管理大型集群并且不想再使用kubectl玩问题游戏,那么Kubevious可以轻松地在集群中安装和监视 。
Visit the https://kubevious.io/ website for more information.
访问https://kubevious.io/网站以获取更多信息。
Originally published at https://codefresh.io on August 18, 2020.
最初于 2020年8月18日 发布在 https://codefresh.io 。
扫一扫
462
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
