kubevious

by kubevious

kubevious /kubevious

Kubevious - application centric Kubernetes UI and continuous assurance provider

562 Stars 40 Forks Last release: 3 months ago (v0.6) Apache License 2.0 264 Commits 6 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Slack Codefresh build status License Follow Kubevious on F6S

What is Kubevious?

Kubevious (pronounced [kju:bvi:əs]) is open-source software that provides a usable and highly graphical interface for Kubernetes. Kubevious renders all configurations relevant to the application in one place. That saves a lot of time from operators, eliminating the need for looking up settings and digging within selectors and labels. Kubevious works with any Kubernetes distributions. Kubevious and can be used at any stage of the project.

Kubevious also provides hints to operators to avoid and identify configurational and operational errors.

Intro Video

See the collection of other demo videos: https://www.youtube.com/channel/UCTjfcEFrGjqtSGtry4ySUzQ

Live Demo

See our live demo running on a model cluster: https://demo.kubevious.io.

Running Kubevious

Kubevious works with any Kubernetes distribution and runs within the cluster. Deploy using Helm v3:

kubectl create namespace kubevious

helm repo add kubevious https://helm.kubevious.io

helm upgrade --atomic -i kubevious kubevious/kubevious --version 0.6.36 -n kubevious

kubectl port-forward $(kubectl get pod -l k8s-app=kubevious-ui -n kubevious -o jsonpath="{.items[0].metadata.name}") 3000:80 -n kubevious

Access from browser: http://localhost:3000

For more details on installation options visit Deployment Repository.

Running Kubevious Outside the Cluster

While Kubevious was made to run inside the cluster and monitor the cluster it lives in, Kubevious Portable version runs outside the cluster. Usually, that would happen on development machines from where operators would run kubectl commands. Kubevious Portable runs inside a single docker container. Kubevious Portable does not have Rule Executing and Time Machine capabilities and is meant for quick sanity check and visualization of Kubernetes clusters and applications. Kubevious Portable connects to clusters defined in kube-config files.

See instructions on running Kubevious Portable here.

Capabilities

Cluster and Configs in an Application Centric View

Cluster and Configs in an Application Centric View

Even a simple Hello World app in Kubernetes produces dozens of objects. It takes a lot of time to fetch application relevant configurations.

Kubeviuos renders the entire Kubernetes cluster configuration in an application-centric graphical way. Kubevious identifies relevant Deployments, ReplicaSets, Pods, Services, Ingresses, Volumes, ConfigMaps, etc. and renders withing the application boxes.

The main screen is rendered using boxes. Every box is expandable (using double-click) and selectable. The right side panel includes properties and configurations associated with each box.

Detect Configuration Errors

Detect Configuration Errors

Kubernetes follows a detached notion for configuration. It is super easy to have typos and errors when connecting components.

Kubevious identifies many configuration errors, such as misuse of labels, missing ports, and others. The red circle contains the number of errors within the subtree.

Write Your Own Validation Rules

Kubevious Rule Editor Rule Script

Kubevious comes with an ability to support organizations needing additional rules beyond the built-in checks (such as label mismatch, missing port, misused or overused objects, etc.). It does that by allowing Kubernetes operators to define their own rules, and allowing organizations to enforce DevOps best practices without changing their existing release processes. The rules in Kubevious are continuously assured to be compliant to company policies and security postulates to be enforced. Rules are defined using a domain-specific JavaScript syntax to allow custom rules to be easily written and understood.

Learn more about defining your own rules here.

Kubevious Rule Editor Affected Objects

Identify Blast Radius

Identify Blast Radius

Configuration in Kubernetes is highly reusable. A small change can cause unintended consequences.

Kubevious identifies shared configurations and also displays other dependent objects. A single glance is enough to identify the cascading effects of a particular change.

Full Text Search

Full Text Search

Looking for a particular configuration in Kubernetes haystack takes lots of time.

Kubevious supports full text across across entire cluster.

Perform Capacity Planning and Optimize Resource Usage

Perform Capacity Planning and Optimize Resource Usage

Clearly identify how much resources are taken by each container, pod, deployment, daemonset, namespace, etc.

Kubevious renders not only absolute resource request values, but also relative usage per node, namespace and entire cluster. Identify which apps take most resources within the namespace.

Time Machine

Time Machine

With ever changing configuration it is hard to keep track and identify the source of the problem.

Kubvious allows you to travel back in time and navigate configuration as well as errors. See time machine in action here: https://youtu.be/Zb5ZIJEHONU

Radioactive & Overprivileged Workloads

Radioactive & Overprivileged Workloads

Granting excessive control to workloads not only increases the risk of being hacked but also affects the stability of nodes and the entire cluster.

Kubevious marks workloads and their corresponding namespaces as radioactive. Specifically, it checks for privileged containers, hostPID, hostNetwork, hostIPC flags, and mounts to sensitive host locations like docker.sock file, etc.

Correlated RBAC

RBAC Multiple ClusterRoles

Things get messy when it comes to Kubernetes RBAC. There are too many indirections and links to navigate to identify permissions applied to pods.

Kubevious provides correlated view across Roles, Bindings, ServiceAccounts and Applications. Kubevious goes one step further and combines permissions across all relevant roles and presents them in a single role matrix.

RBAC Shared ServiceAccount

Just like in case of ConfigMaps, the ServiceAccounts, Roles and Bindings can be marked with "Shared-By" flag. That would mean that the ServiceAccount, Role or Binding is used elsewhere, and any changes to would affect other applications as well.

Community Posts

If you want your article describing the experience with Kubevious posted here, please submit a PR.

Authors

Everyone is welcome to contribute. See CONTRIBUTING for instructions on how to contribute.

License

Kubevious is an open source project licensed under the Apache License.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.