Kubernetes Tools
Kubernetes Monitoring Tools
cAdvisor
cAdvisor is a Kubernetes tool for monitoring resource usage and performance. It’s open-source and is maintained by Google. cAdvisor natively supports Docker and is integrated with Kubelet. There is support for any container type.
cAdvisor can auto-detect all containers in a server. It then collects, processes, and disseminates container information. It has one weakness: it is limited in terms of storing metrics for long-term monitoring. cAdvisor’s container abstraction is based on lmctfy. It inherits the nested hierarchical behavior.
Kubernetes Dashboard
Kubernetes Dashboard is a web-based Kubernetes monitoring tool that is more suitable for smaller clusters. It provides a UI to manage Kubernetes. These tasks include discovery, load balancing, and monitoring.
Many options are available for troubleshooting. The Dashboard allows monitoring of aggregate CPU and memory usage. It can monitor the health of workloads. Installation is straightforward, as ready-made YAML templates are available. Cabin is the mobile version of the Kubernetes Dashboard. It provides similar functions for Android and iOS.
Kubelet
Kubelets are “node agents” that run on each node of a Kubernetes cluster. They can register the node with the central API server. Each pod is described by a “PodSpec,” which is a YAML or JSON object. Kubelet is thereby able to monitor these nodes by their PodSpecs.
Furthermore, Kubelet accepts PodSpecs from the API server. It is also able to accept them from other sources, but is unable to manage them. Docker’s cAdvisor is one such source. Its main benefit is that it allows monitoring the entire cluster.
Kubernetes Security Tools
The security requirements of containers are unique. They differ from other types of hosting, like VPS. The reason is that they have more layers to be secured. These include container runtime, orchestrator, and application images. Below are some specialized tools.
Twistlock
Twistlock is a full-lifecycle container security solution. It has a VMS that scans for any areas that are vulnerable. It scans Kubernetes on an on-going basis. There is an automatic type of firewall, as well. Scanning container images is another important feature of Twistlock. Support is available for Node.js components and Docker images. Twistlock focuses on two essential aspects of container security. Firstly, it scans container images on an on-going basis. The reason for this is that new threat data emerge every day. Next, it focuses on the security of running containers. A baseline for normal behavior has to be set first. Afterward, it can be easily monitored.
Falco
Falco is a targeted Kubernetes tool for security that detects unusual activity in your containers. It’s derived from the Sysdig Project and has become a commercial product. Falco monitors containers with a greater focus on kernel system calls. It uses a single set of rules. These are used to monitor multiple layers of the container. These include the container itself, application, host, and the network. It supports both Kubernetes and containers. You can build unique rules for each of your Kubernetes clusters. These rules can be enforced across all containers. Falco also provides native support for container runtimes.
Aqua Security
Aqua Security scans container images before deployment. This feature allows you to make the image read-only. Immutable images are less susceptible to threats. Also, it allows for easy detection of anomalies. These scans are done on each application context. Scaling and performance were critical focuses during development, as stated in the official documents. Securing multi-tenancy environments is one of its core functions.
Aqua performs this task while ensuring isolation between tenants. Isolation refers to both data and access. It scans for multiple security issues. These include known threats, embedded secrets, and malware. It runs other tests for problems in settings and permissions. Aqua Security is compatible with over ten container vendors, and that’s in addition to Kubernetes.
Kubernetes Deployment Tools
Helm
Helm is a newer Kubernetes management tool for applications. It uses a type of YAML file called Charts. They are similar to a Homebrew, an Apt, or a Yum RPM. Charts are used to define, install, and upgrade Kubernetes. They are a type of template and support even the most complex Kubernetes. Charts are designed so that they are easy to create and maintain. They can be shared and used to publish Kubernetes. Charts contain a description of the package and at least one template. Templates contain Kubernetes manifest files. They can be reused to deploy multiple times. If the same chart is installed more than once, a new release is created.
Apollo
Apollo provides a UI for managing Kubernetes. It allows for viewing logs. Reverting a deployment can be done with just one click. It provides a flexible permission model. It is a lightweight tool for continuous deployment in Kubernetes. Apollo can integrate with any existing build process. It only needs to be notified of a “ready artifact.” This Kubernetes management tool allows users to manage multiple Kubernetes clusters. Each of these clusters can have multiple namespaces. The live querying feature allows viewing the current status of deployments. It supports viewing pod status, viewing logs, and restarting pods. It comprises a Java client and REST API for monitoring.
Kubespray
Kubespray is a Kubernetes management tool that works through Ansible roles. It supports AWS, Google Cloud Environment, Azure, and OpenStack. Kubespray benefits those familiar with Ansible. It has a slight learning curve for such users, making both provisioning and managing possible through a single tool. Kubespray enables continuous integration tests. Support is available for most Linux distros.
Kubernetes CLI Tools
Kubectl
Kubectl is the default CLI tool for Kubernetes. It supports all operations related to Kubernetes. Nodes are detected via the config file in the $HOME directory. kubectl accepts other kubeconfig files as well. Just set up the relevant environment variable. It can also be done with the --kubeconfig flag. Docker users can use kubectl to interact with the API server. kubectl commands are similar to Docker commands. There are only a few minor differences.
kubectx / kubens
Both of these Kubernetes tools are available via a shared repo. They provide additional functions via kubectl. kubectx is a useful tool in multi-cluster environments. You can use it to switch context between clusters. Avoid complicated commands with the kubectx keyword. One significant benefit of kubectx is the ability to alias cluster names. This ability allows switching context with the command “kubectx [alias].” kubectx remembers the previous context. This memory enables switching back with “kubectx -.” kubectx is not available for Windows. So you will need to use kubectxwin instead. kubens is a similar tool and is useful for switching between Kubernetes namespaces. The “kubens -” command switches you back to the previous context.
Kube-shell
Kube-shell is another Kubernetes tool that can be used to supplement kubectl. It is a shell that is built on top of kubectl. It increases efficiency by providing auto-completion for commands. It suggests commands based on the values being typed. Kube-shell provides in-line descriptions once commands have been executed. Another vital feature is cycling through previous functions. This scrolling can be done with the arrow keys.
Kubernetes Serverless Tools
Kubeless
This tool is a native Kubernetes tool used to deploy small applications. It uses Kubernetes resources to enable many tasks. These help to auto-scale, route the API, monitor, and troubleshoot. Kubeless stands out as it supports Custom Resource Definitions. This feature allows Kubeless to create custom Kubernetes resources. You can then use an in-cluster controller to monitor them. It allows you to launch runtimes as required. It then makes these runtimes available over HTTP. Also, a PubSub mechanism is available.
Fission
Fission can work on your local computer or public/private cloud. It provides support for many programming languages. These are Python, NodeJS, Go, C#, and PHP. These functions can then be mapped to HTTP requests or other triggers. Deployment is done with a single command. You don’t need to worry about building containers. This feature is the same for managing Docker registries. Fission, like many serverless tools, allows you to focus on your code. The plumbing is left to the framework and orchestrator. Also, this will enable you to build your containers. An essential feature of Fission is its Workflows. It allows linking multiple serverless functions with logic gates. You don’t need to deal with things like networking or message queues.
IronFunction
IronFunction is another open-source serverless tool written in Golang. It supports functions in any programming language. It supports AWS Lambda functions, which is one of its main features. You can import Lambda functions and run them on any platform. It enhances the savings on usage costs. This aspect is unlike an API that is active irrespective of usage. Serverless functions only incur charges when they are in use. These costs are time-sliced. Scaling is another area that is enhanced. All you do is increase the number of IronFunction nodes. There is no scaling of each app.