25 useful Kubernetes tools: deployment and management
We build Kubernetes as a cloud service and keep a close eye on current tools for developers of containerized applications. In this post we cover tools that greatly simplify deploying Kubernetes and help build CI/CD.
Deploying Kubernetes Cluster
Kubespray
A set of Ansible roles for deploying and configuring Kubernetes. Kubespray works on AWS, GCE, Azure, Mail.Ru Cloud Solutions, OpenStack and bare-metal IaaS. Kubespray is an open source project with kubeadm under the hood.
With Kubespray, knowing Ansible is enough to create resources (virtual machines, networks, load balancers, and so on) and handle orchestration; no other tools are needed. If you are already familiar with Ansible, this can be a great help.
Cost: Free.
Kubeadm
A tool shipped with the Kubernetes distribution since version 1.4. It helps initialize Kubernetes clusters in a best-practice configuration on existing infrastructure.
Kubeadm cannot dynamically create the necessary infrastructure in the cloud. Its main advantage is that it can bring up minimally viable Kubernetes clusters in any environment. However, add-ons and network settings are not included with Kubeadm, so you will have to configure everything manually or use other tools.
Cost: Free.
Kops
Helps create, delete, update and maintain production-grade, fault-tolerant Kubernetes clusters from the command line. This tool officially supports Amazon Web Services (AWS). GCE support is in beta, and VMware vSphere support is in alpha. Support is also planned for other platforms, including OpenStack. Kops lets you control the full life cycle of a Kubernetes cluster, from infrastructure preparation to cluster removal.
Cost: Free.
Mail.Ru Cloud Solutions: Containers
Kubernetes clusters as a cloud service. With it, you can get a ready-to-use cluster in a few minutes without setting it up yourself, and update it to the required version. Clusters scale easily and run on the Mail.Ru infrastructure, which is designed for high-load services.
The cost depends on the configuration. For example, a test environment of two nodes and one master costs 3200₽ per month. You can test for free.
Monitoring
Kubebox
A terminal console for Kubernetes clusters that lets you manage a cluster and track its status in real time through a good old terminal interface. Kubebox shows pod resource usage, monitors the cluster, shows container logs, and so on. You can also easily navigate to the desired namespace and execute a command in the right container to quickly troubleshoot or restore service.
Cost: Free.
Kubedash
Provides a UI for performance analysis. It aggregates and summarizes metrics from various sources and shows administrators high-level analytical data. Kubedash uses Heapster as its data source, which runs as a default service on all Kubernetes clusters and collects metrics and analytics for each container.
Cost: Free.
Containerum
An open source tool for Kubernetes that can be used in place of the native kubectl console. It is of interest not only to developers but also to project managers, because it helps monitor projects running in the Kubernetes cluster through an intuitive interface. The tool lets you manage running applications and integrates with CI/CD pipelines. The Containerum UI will be especially useful for those who are just learning Kubernetes.
Cost: Free.
Kubetail
A small bash script that aggregates the logs of many pods into one stream. The original version of Kubetail cannot filter or highlight, but there is a separate fork on GitHub that can colorize logs using MultiTail.
Cost: Free.
Weave Scope
A tool for troubleshooting and monitoring Docker Swarm and Kubernetes clusters. Weave Scope automatically generates application topologies and architectures, which helps find bottlenecks in how applications run. You can deploy Weave Scope as a standalone application on a local server or laptop, or use it as SaaS in Weave Cloud. With Weave Scope, it is easy to group, filter, and search containers by name, label, or resource consumption. One unexpectedly useful capability: you can log in to the Kubernetes nodes as the root user from the web console without having SSH access, so access to the console itself needs to be restricted accordingly.
Cost: offline mode is free; the Standard SaaS version is $30 per node per month (30-day trial); the corporate version is $150 per node per month.
Prometheus
An open source monitoring and alerting tool inspired by Google's Borg Monitor. Prometheus lets you create your own metrics (there are integrations for all popular programming languages) and also offers a large number of ready-made integrations (exporters) for various technologies: PostgreSQL, MySQL, AWS CloudWatch, etcd and Kubernetes.
Prometheus has become the de facto standard for Kubernetes monitoring. There is a dedicated Prometheus Operator that lets you create Prometheus instances in Kubernetes clusters, including tight integration with Grafana and Alertmanager.
Cost: Free.
Searchlight
A Kubernetes operator for Icinga. Searchlight periodically runs checks against Kubernetes clusters, and if something goes wrong, it sends you an email or SMS, or posts to a chat. Searchlight includes a default set of checks written specifically for Kubernetes.
Searchlight extends the monitoring capabilities of Prometheus as an external black-box monitoring service and serves as a backup system in the event of a complete failure of internal systems.
Cost: Free.
Kubernetes Operational View (Kube-ops-view)
A read-only system dashboard that can work with many Kubernetes clusters. With Kube-ops-view, it is easy to move between clusters and to monitor nodes and the status of pods. Kube-ops-view animates some processes, such as creating and destroying pods. The tool also uses Heapster as a data source.
Cost: Free.
Security
Aquasec
Aquasec protects Kubernetes installations throughout the entire life cycle. On each container, the solution deploys a dedicated agent that acts as a firewall and closes security gaps in the container. The agent communicates with the Aquasec central management console, which manages security restrictions. Aquasec also helps integrate security mechanisms flexibly into pipelines in cloud and on-premises environments.
There is also an open source tool associated with Aquasec, Kube-Bench, which checks a Kubernetes environment against a long list of tests from the CIS Kubernetes Benchmark document.
Cost: $0.29 per scan.
Twistlock
Another tool that acts as a cloud firewall for applications (Cloud Native Application Firewall) and analyzes network traffic between containers and services. Twistlock analyzes the normal behavior of containers and generates rules based on that behavior, so administrators do not have to create rules manually. Twistlock has also supported the CIS Kubernetes Benchmark since version 2.2.
Cost: from $1,700 for an annual license; a trial period is available.
Sysdig Secure
A component of the Sysdig Container Intelligence platform that is also supplied as a separate solution. It provides container visibility and integrates with orchestration tools, including Kubernetes, Docker, AWS ECS and Apache Mesos. With Sysdig Secure, a user can deploy service-aware policies, block attacks, analyze history, and track cluster performance. Sysdig Secure is available as a cloud and on-premise application.
Cost: Free for offline use. The price of the Pro version, available in the cloud and as on-premise software, depends on the configuration.
Kubesec.io
A service that assesses how well Kubernetes resources make use of the available security-enhancing features. Kubesec.io checks resource configurations for compliance with best practices. The user gets full control and recommendations for improving the overall security of the system. The project website has many links to external resources on container and Kubernetes security.
Cost: Free.
Useful Utilities
kubectl-aliases
A very simple but incredibly powerful alias generator for kubectl. It lets you type day-to-day Kubernetes administration commands much faster, providing more than 800 short aliases for all occasions.
Cost: Free.
Cabin
A panel for remotely managing Kubernetes clusters from a mobile device (Android and iOS). With Cabin, you can manage applications, scale deployments, and troubleshoot a cluster. It helps Kubernetes cluster operators respond quickly to incidents from any location.
Cost: Free.
Kubectx / Kubens
A small open source utility that complements kubectl, letting you easily switch context and connect to multiple Kubernetes clusters at the same time. Kubens lets you navigate between Kubernetes namespaces. Both tools support autocompletion in the bash, zsh and fish shells.
Cost: Free.
Kube-shell
Helps you work faster with kubectl. It autocompletes commands and suggests options. It can even find and correct mistyped commands. Kube-shell displays inline help for the commands being executed.
Cost: Free.
Kail
Kail is short for Kubernetes Tail. This tool works with Kubernetes clusters and helps follow Docker logs for the required pods. Kail lets you filter streams by service, deployment, label and other parameters. Pods are automatically added to the log (or removed from it) after launch, depending on whether they meet the filtering criteria.
Cost: Free.
CI / CD Tools
Jenkins
The most popular open source CI/CD server in the world. There is a free plugin for it that lets you deploy applications to Kubernetes, perform rolling updates (sequential updates with minimized downtime), and carry out blue/green deployments. This post provides a detailed scenario for this configuration.
Cost: Free.
TeamCity
A popular CI/CD service from the JetBrains team. With this plugin, you can use the Kubernetes cluster infrastructure to run TeamCity build agents. The plugin supports TeamCity version 2017.1.x and newer.
Cost: Free for up to three build agents and 100 build configurations. $299 for a license that adds one build agent and 10 build configurations.
Visualization and control
Kubernetes Dashboard
A general-purpose web interface for Kubernetes clusters. This native control panel makes it much easier to troubleshoot and monitor clusters. To access the panel, you need to create a secure proxy channel between your machine and the Kubernetes API server. The native Kubernetes panel relies on the Heapster data collection tool, so Heapster must be installed in the system. Although Heapster is officially deprecated, there is no complete alternative to it yet.
Cost: Free.
Kubeapps
A web interface for the application catalog in Kubernetes clusters. It lets you install, update and delete Helm charts with a single button press, without using the command line.
Cost: Free.
In the next post we will talk about advanced tools for developers.