25 useful tools Kubernetes: deployment and management

Anthony Smith Images / Shutterstock.com

We create Kubernetes as a cloud service and keep a close eye on the actual tools of container application developers. In this post we will tell about tools that greatly facilitate the work with the deployment of Kubernetes and help build a CI / CD.

Deploying Kubernetes Cluster

Kubespray

Ansible role set for Kubernetes deployment and configuration. Kubespray works on AWS, GCE, Azure, Mail.Ru Cloud Solutions, OpenStack and bare metal IaaS. Kubespray is an open source and open source project, under the hood of kubeadm.

Thanks to Kubespray, to create resources (virtual machines, networks, balancers, and so on) and orchestration it is enough to know Ansible, other tools are not needed. If you are familiar with Ansible, this can be a great help.
')
Cost : Free

Kubeadm

Kubernetes distribution tool starting from version 1.4. Helps to initialize Kubernetes clusters in their best configurations on the existing infrastructure.
Kubeadm does not know how to dynamically create the necessary infrastructure in the cloud. Its main advantage is that it can run minimally viable Kubernetes clusters in any environment. However, add-ins and network settings are not included with Kubeadm, so you will have to configure everything manually or use other tools.

Cost : Free

Kops

Helps to create, delete, update and maintain Kubernetes industrial fault-tolerant clusters from the command line. This tool officially supports Amazon Web Services (AWS). GCE support is in beta, and VMware vSphere is in alpha. Support is also planned for other platforms, including OpenStack. Kops allows you to control the full life cycle of a Kubernetes cluster - from infrastructure preparation to cluster removal.

Cost : free.

Mail.Ru Cloud Solutions: Containers

Kubernetes clusters as a cloud service. With it, you can get a ready-to-work cluster in a few minutes without setting it up, as well as update it to the required version. Clusters easily scale and work on the Mail.Ru infrastructure, which is designed for high-load services.

The cost depends on the configuration. For example, a test environment of two nodes and one master costs 3200₽ per month. You can test for free.

Monitoring

Kubebox

The terminal console for the Kubernetes cluster, with which you can manage the cluster and track its status in real time through the good old interface. Kubebox shows how hearth resources are involved, monitors a cluster, shows container logs, and so on. Even in it, you can easily navigate to the desired namespace and run the command in the correct container to quickly troubleshoot or restore work.

Cost : free.

Kubedash

Provides UI for performance analysis. Aggregates and summarizes metrics from various sources, shows administrators high-level analytical data. Kubedash uses Heapster as a data source, which runs as a default service on all Kubernetes clusters and collects metrics and analytics in each container.

Cost : free.

Containerum

Open source UI for Kubernetes, which can be used instead of the kubectl native console. The tool is interesting not only for developers, but also for project managers, as it helps to monitor projects running in the Kubernetes cluster in an intuitive interface. The tool allows you to manage running applications, integrates with CI / CD pipelines. Containerum UI will be especially useful for those who only master Kubernetes.

Cost : free.

Kubetail

A small bash-script to aggregate the logs of many podov in one stream. The original version of Kubetail does not know how to filter or allocate, but on Github there is a separate fork, which can paint logs using MultiTail.

Cost : free.

Weave scope

A tool for troubleshooting and monitoring Docker Swarm and Kubernetes clusters. Weave Scope automatically generates application topologies and architectures, which helps to find bottlenecks in the operation of applications. You can deploy Weave Scope as a standalone application on a local server or laptop, or use it as a SaaS in the Weave Cloud. With Weave Scope, it is easy to group, filter, and search containers by name, label, resource consumption. Unexpectedly useful functionality: you can log in to the Kubernetes nodes as root user from the web console without having ssh access.

Cost : offline - for free; Standard SaaS version - $ 30 / month. for the node (30 days trial); corporate version - $ 150 / month. for the node.

Prometheus

An open-source monitoring and notification tool inspired by Google Borg Monitor. Prometheus allows you to create your own metrics (there is integration with all popular programming languages), and also contains a large number of ready-made integrations (exporters) with various technologies: PostgreSQL, MySQL, AWS Cloudwatch, ETCD and Kubernetes.

Prometheus has de facto become the standard for Kubernetes monitoring. There is a special Prometheus Operator that allows you to create Prometheus instances in Kubernetes clusters, including tight integration with Grafana and Alertmanager.

Cost : Free

Searchlight

Kubernetes operator for Icinga . Searchlight periodically runs checks on Kubernetes clusters, and if something goes wrong, it sends you an email, SMS or writes to the chat. Searchlight includes a default set of checks specifically for Kubernetes.

Searchlight extends the monitoring capabilities of Prometheus as an external black box-monitoring service and serves as a backup system in the event of a complete failure of internal systems.

Cost : free.

Kubernetes Operational View (Kube-ops-view)

Read-only system panel that can work with many Kubernetes clusters. Using Kube-ops-view, it is easy to move between clusters, monitor nodes and the status of the hearths. Kube-ops-view animates some processes, such as creating and destroying pods. The tool also uses Heapster as a data source.

Cost : free.

Security

Aquasec

Aquasec protects Kubernetes installations throughout its life cycle. On each container, the solution deploys a dedicated agent that acts as a firewall and plugs holes in the security of the container. The agent interacts with the Aquasec central management console, which manages security restrictions. Aquasec also helps to set up flexible pipeline implementation of security mechanisms in cloud and local environments.

There is another open source tool associated with Aquasec - Kube-Bench, which tests the Kubernetes environment through a long list of tests from the CIS Kubernetes Benchmark document.

Cost : $ 0.29 per scan.

Twistlock

Another tool that acts as a cloud firewall for applications (Cloud Native Application Firewall) and analyzes network traffic between containers and services. Twistlock analyzes the standard behavior of containers and generates rules based on this behavior, so administrators do not have to create rules manually. Twistlock also supports Kubernetes CIS Benchmark since version 2.2.

Cost : from $ 1,700 for an annual license, there is a trial period.

Sysdig secure

Component platform Sysdig Container Intelligence, is supplied as a separate solution. Provides container visibility and integrates with orchestration tools, including Kubernetes, Docker, AWS ECS and Apache Mesos. Thanks to Sysdig Secure, a user can deploy service-aware policies, block attacks, analyze history, and track cluster performance. Sysdig Secure is available as a cloud and on-premise application.

Cost : Free for offline use. The price of the Pro version for the cloud and in the form of software depends on the configuration.

Kubesec.io

A service that assesses how much Kubernetes resources use to enhance security. Kubesec.io checks the compliance of resource configurations with best practices. The user receives full control and recommendations for improving the overall security of the system. On the project website there are many links to external sources on container security and Kubernetes.

Cost : Free

Useful Utilities

kubectl-aliases

A very simple but incredibly powerful alias generator for kubectl. It allows you to write Kubernetes daily administration commands much faster, providing more than 800 short aliases for all occasions.

Cost: free.

Cabin

Panel for remote control of Kubernetes clusters from a mobile device (Android and iOS). With Cabin, you can manage applications, scale deployments, and troubleshoot a cluster. Helps Kubernetes cluster operators to respond quickly to incidents from anywhere.

Cost : free.

Kubectx / Kubens

A small open source utility that complements the Kubectl functionality, allowing you to easily switch context and connect to several Kubernetes clusters at the same time. Kubens allows you to navigate between the Kubernetes namespaces. Both tools support autocomplete in bash / zsh / fish shells.

Cost : free.

Kube-shell

Helps to work faster with kubectl. Provides autocompletion of commands and offers options. It can even search and correct incorrectly entered commands. Kube-shell displays in-line help about the commands being executed.

Cost : free.

Kail

Kail - short for Kubernetes Tail. This tool works with Kubernetes clusters and helps to track Docker logs for the required subfields. Kail allows you to filter feeds by services, deployments, tags, and other parameters. Subs will be automatically added to the log (or deleted from there) after launch, if it meets the filtering criteria.

Cost : free.

CI / CD Tools

Jenkins

The most popular open source CI / CD server in the world. For it, there is a free plugin that allows you to deploy applications to Kubernetes, conduct their rolling updates (sequential updates with minimized downtime), and also perform Green / Blue updates deployment. This post provides a detailed scenario of this configuration.

Cost : free.

TeamCity

A popular CI / CD service from the JetBrains team. With this plugin, you can use the Kubernetes cluster infrastructure to run TeamCity build agents. The plugin supports TeamCity version 2017.1.x and newer.

Cost : Free up to three build agents and 100 build configurations. $ 299 for a license, giving the opportunity to use an additional build-agent and 10 additional build-configurations.

Visualization and control

Kubernetes Dashboard

Universal web interface Kubernetes clusters. Using this native control panel makes it much easier to troubleshoot and monitor clusters. To access the panel, you need to create a secure proxy channel between your machine and the API server Kubernetes. The Kubernetes native panel relies on the Heapster data collection tool, so it must be installed in the system. Despite the fact that Heapster is not officially recommended for use (deprecated), there is no complete alternative to it yet.

Cost : free.

Kubeapps

Web interface for the catalog of applications in Kubernetes clusters. Allows you to install, update and delete Helm-charts by pressing a single button, without using the command line.

Cost : free.

In the next post we will talk about advanced tools for developers.