• Stars
    star
    3,126
  • Rank 14,384 (Top 0.3 %)
  • Language
    Go
  • License
    MIT License
  • Created over 4 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Easily check your clusters for use of deprecated APIs

Kubent (Kube-No-Trouble) logo

Easily check your clusters for use of deprecated APIs

Kubernetes 1.16 is slowly starting to roll out, not only across various managed Kubernetes offerings, and with that come a lot of API deprecations1.

Kube No Trouble (kubent) is a simple tool to check whether you're using any of these API versions in your cluster and therefore should upgrade your workloads first, before upgrading your Kubernetes cluster.

This tool will be able to detect deprecated APIs depending on how you deploy your resources, as we need the original manifest to be stored somewhere. In particular following tools are supported:

  • file - local manifests in YAML or JSON
  • kubectl - uses the kubectl.kubernetes.io/last-applied-configuration annotation
  • Helm v3 - uses Helm manifests stored as Secrets or ConfigMaps directly in individual namespaces

Additional resources:

Install

Run the following command in your terminal to install kubent using a shell script:

sh -c "$(curl -sSL https://git.io/install-kubent)"

(The script will download latest version and unpack to /usr/local/bin).

Manual Installation

You can download the latest release for your platform and unpack manually.

Third-Party Installation

Please note that third-party installation methods are maintained by the community. The packages may not always be up-to-date with the latest releases of kubent.

Homebrew

kubent is available as a formula on Homebrew. If you're using macOS or Linux, you can run the following command to install kubent:

brew install kubent

Usage

Configure Kubectl's current context to point to your cluster, kubent will look for the kube .config file in standard locations (you can point it to custom location using the -k switch).

kubent will collect resources from your cluster and report on found issues.

Please note that you need to have sufficient permissions to read Secrets in the cluster in order to use Helm* collectors.

$./kubent
6:25PM INF >>> Kube No Trouble `kubent` <<<
6:25PM INF Initializing collectors and retrieving data
6:25PM INF Retrieved 103 resources from collector name=Cluster
6:25PM INF Retrieved 0 resources from collector name="Helm v3"
6:25PM INF Loaded ruleset name=deprecated-1-16.rego
6:25PM INF Loaded ruleset name=deprecated-1-20.rego
__________________________________________________________________________________________
>>> 1.16 Deprecated APIs <<<
------------------------------------------------------------------------------------------
KIND         NAMESPACE     NAME                    API_VERSION
Deployment   default       nginx-deployment-old    apps/v1beta1
Deployment   kube-system   event-exporter-v0.2.5   apps/v1beta1
Deployment   kube-system   k8s-snapshots           extensions/v1beta1
Deployment   kube-system   kube-dns                extensions/v1beta1
__________________________________________________________________________________________
>>> 1.20 Deprecated APIs <<<
------------------------------------------------------------------------------------------
KIND      NAMESPACE   NAME           API_VERSION
Ingress   default     test-ingress   extensions/v1beta1

Arguments

You can list all the configuration options available using --help switch:

$./kubent -h
Usage of ./kubent:
  -A, --additional-annotation strings   additional annotations that should be checked to determine the last applied config
  -a, --additional-kind strings         additional kinds of resources to report in Kind.version.group.com format
  -c, --cluster                         enable Cluster collector (default true)
  -x, --context string                  kubeconfig context
  -e, --exit-error                      exit with non-zero code when issues are found
  -f, --filename strings                manifests to check, use - for stdin
      --helm3                           enable Helm v3 collector (default true)
  -k, --kubeconfig string               path to the kubeconfig file
  -l, --log-level string                set log level (trace, debug, info, warn, error, fatal, panic, disabled) (default "info")
  -o, --output string                   output format - [text|json|csv] (default "text")
  -O, --output-file string        output file, use - for stdout (default "-")
  -t, --target-version string           target K8s version in SemVer format (autodetected by default)
  -v, --version                         prints the version of kubent and exits
  • --additional-annotation Check additional annotations for the last applied configuration. This can be useful if a resource was applied with a tool other than kubectl. The flag can be used multiple times.

  • -a, --additional-kind Tells kubent to flag additional custom resources when found in the specified version. The flag can be used multiple times. The expected format is full Kind.version.group.com form - e.g. -a ManagedCertificate.v1.networking.gke.io.

  • -x, --context Select context from kubeconfig file (current-context from the file is used by default).

  • k, --kubeconfig Path to kubeconfig file to use. This takes precedence over KUBECONFIG environment variable, which is also supported and can contain multiple paths, and default ~.kube/config.

  • -t, --target-version Kubent will try to detect K8S cluster version and display only relevant findings. This flag allows to override this version for scenarios like use in CI with the file collector only, when detection from an actual cluster is not possible. Expected format is major.minor[.patch], e.g. 1.16 or 1.16.3.

Docker Image

We also publish official container image, which can be found at: ghcr.io/doitintl/kube-no-trouble:latest (also available tagged with each individual release version).

To run locally, you'll need to provide credentials, e.g. by sharing your kubectl config:

$ docker run -it --rm \
    -v "${HOME}/.kube/config:/.kubeconfig" \
    ghcr.io/doitintl/kube-no-trouble:latest \
    -k /.kubeconfig

You can use kubectl run to run inside a K8S cluster, as a one-off. In that case the credentials will be picked up via the pod's service account from the environment, but you'll want to grant relevant permissions first (see docs/k8s-sa-and-role-example.yaml):

$ kubectl run kubent --restart=Never --rm -i --tty \
    --image ghcr.io/doitintl/kube-no-trouble:latest \
    --overrides='{"spec": {"serviceAccount": "kubent"}}'

Use in CI

Exit codes

kubent will by default return 0 exit code if the program succeeds, even if it finds deprecated resources, and non-zero exit code if there is an error during runtime. Because all info output goes to stderr, it's easy to check in shell if any issues were found:

test -z "$(kubent)"                 # if stdout output is empty, means no issues were found
                                    # equivalent to [ -z "$(kubent)" ]

It's actually better so split this into two steps, in order to differentiate between runtime error and found issues:

if ! OUTPUT="$(kubent)"; then       # check for non-zero return code first
  echo "kubent failed to run!"
elif [ -n "${OUTPUT}" ]; then       # check for empty stdout
  echo "Deprecated resources found"
fi

You can also use --exit-error (-e) flag, which will make kubent to exit with non-zero return code (200) in case any issues are found.

Alternatively, use the json output and smth. like jq to check if the result is empty:

kubent -o json | jq -e 'length == 0'

Scanning all files in directory

If you want to scan all files in a given directory, you can use the following shell snippet:

FILES=($(ls *.yaml)); kubent ${FILES[@]/#/-f} --helm3=false -c=false

Development

The simplest way to build kubent is:

# Clone the repository
git clone https://github.com/doitintl/kube-no-trouble.git
cd kube-no-trouble/
# Build
go build -o bin/kubent cmd/kubent/main.go

Otherwise there's Makefile

$ make
make
all                            Cean, build and pack
help                           Prints list of tasks
build                          Build binary
generate                       Go generate
release-artifacts              Create release artifacts
clean                          Clean build artifacts

Commit messages

We enforce simple version of Conventional Commits in the form:

<type>: <summary>

[optional body]

[optional footer(s)]

Where type is one of:

  • build - Affects build and/or build system
  • chore - Other non-functional changes
  • ci - Affects CI (e.g. GitHub actions)
  • dep - Dependency update
  • docs - Documentation only change
  • feat - A new feature
  • fix - A bug fix
  • ref - Code refactoring without functionality change
  • style - Formatting changes
  • test - Adding/changing tests

Use imperative, present tense (Add, not Added), capitalize first letter of summary, no dot at the and. The body and footer are optional. Relevant GitHub issues should be referenced in the footer in the form Fixes #123, fixes #456.

Changelog

Changelog is generated automatically based on merged PRs using changelog-gen. Template can be found in scripts/changelog.tmpl.

PRs are categorized based on their labels, into following sections:

  • Announcements - announcement label
  • Breaking Changes - breaking-change label
  • Features - feature label
  • Changes - change label
  • Fixes - fix label
  • Internal/Other - everything else

PR can be excluded from changelog with no-release-note label. PR title is used by default, however, the copy can be customized by including following block in the PR body:

```release-note
This is an example release note!
```

Issues and Contributions

Please open any issues and/or PRs against github.com/doitintl/kube-no-trouble repository.

Please ensure any contributions are signed with a valid gpg key. We use this to validate that you have committed this and no one else. You can learn how to create a GPG key here.

Feedback and contributions are always welcome!

More Repositories

1

kubeip

Assign static public IPs to Kubernetes nodes (GKE, EKS)
Go
391
star
2

bigquery-grafana

Google BigQuery Datasource Plugin for Grafana. (NO LONGER MAINTAINED)
TypeScript
242
star
3

gcpinstances.info

GCPinstances.info source code
Python
173
star
4

secrets-init

minimalistic init system for containers with AWS/GCP secrets support
Go
161
star
5

kube-secrets-init

Kubernetes mutating webhook for `secrets-init` injection
Go
148
star
6

zorya

Google Cloud Instance Scheduler helping to reduce costs by 60% on average for non-production environments.
JavaScript
141
star
7

secure-gcp-reference

Best practice example for secure and compliant Google Cloud Platform infrastructure
99
star
8

gtoken

Securely access AWS services from GKE cluster
Go
73
star
9

gSlack

Get Slack notifications from Google Cloud Platform
JavaScript
72
star
10

iris3

An upgraded and improved version of the Iris automatic GCP-labeling project
Python
71
star
11

gpu-finder

Python
69
star
12

SafeScrub

Safely delete unwanted resources in a GCP project, clearing clutter and saving money.
Shell
68
star
13

bigquery-optimization-queries

Queries to assist with BigQuery cost and performance.
Python
61
star
14

banias

Opinionated serverless event analytics pipeline
Go
43
star
15

janus

Janus is a simple way to assume AWS Role with Google Cloud Service Account
Python
40
star
16

ClusterCloner

Clone Kubernetes clusters (VM infrastructure, not K8s objects) to/from AWS EKS, GCP GKE, and Azure EKS.
Go
33
star
17

doit-composer-airflow-training

Getting started with Apache Airflow on Cloud Composer
Python
28
star
18

gke-fundamentals-workshop

Shell
25
star
19

bqtop

Visualizing BigQuery query jobs with Cloud Functions, Firebase andΒ Pub/Sub
JavaScript
25
star
20

CloudBlaster

Kotlin
22
star
21

Cloud-Tasks-In-Process-Emulator

Google doesn't offer an emulator for the Cloud Tasks API, as it does for Datastore or PubSub. This project answers that need with a single short Python module intended to be copied to your codebase.
Python
20
star
22

AWSlack

Get Slack notifications on AWS CloudWatch events
JavaScript
19
star
23

gcp-monitoring-metric-exporter

Python
18
star
24

workload-identity-analyzer

A tool to analyze a workload running in GKE and make sure that Workload Identity is configured properly
Python
16
star
25

doit-easily-marketplace

Python
12
star
26

dataflow-kafka-to-bq

Dataflow template which read data from Kafka (Support SSL), transform, and outputs the resulting records to BigQuery
Java
12
star
27

cloud-catalog

Extract categories and services (as unified JSON) for major public cloud services.
Python
11
star
28

gcs-stats

Easily analyze the size of Google Cloud Storage buckets regardless of their size
JavaScript
10
star
29

terraform-iac-demo

GitOps demo of Terraform infrastructure as code (IaC)
HCL
9
star
30

aws-eks-sample-templates

The repository contains the sample templates to get started with AWS EKS quickly
9
star
31

secrets-consumer-webhook

Kubernetes mutation webhook for secrets-consumer-env - Automatically inject secrets to Pod
Go
9
star
32

gke-https-redirect

Demonstration how to use the newly introduced https redirect support in native GKE ingress resources.
9
star
33

gcp-discover-orphaned-firewall-rules

Find orphaned firewall rules that are not applied to any VM instances in a shared VPC
Go
8
star
34

esop

Employee Stock Option Plan
8
star
35

eks-spot-to-ondemand-fallback

7
star
36

terraform-bq-scheduled-queries

This is a demo project to use Terraform to manage BigQuery scheduled queries with Cloud Build CI/CD
HCL
7
star
37

bi-engine-statistics

a opinionated bi engine statistics dashboard for dashboard
LookML
7
star
38

ignite-gke

Running Apache Ignite on GKE the "right" way
Java
6
star
39

bq-snitch-app

Get visibility into expensive Google BigQuery queries on Slack
Python
6
star
40

DoiT-AdminPulse-for-Workspace

A tool for Workspace administrators to review their security posture and inventory the admin SDK.
JavaScript
6
star
41

terraform-gcp-templates

Generic Terraform GCP templates
HCL
5
star
42

validating-admission-policy-playground

5
star
43

azure-instances.info

HTML
5
star
44

QuickQuickstarts

The simplest quickstart scripts for running multiple web backend infrastructures in AWS and GCP.
Shell
5
star
45

dataflow-bigquery-schema-migrator-insert

Dataflow Bigquery Schema Migrator Insert
Java
5
star
46

spotzero

Update EC2 Auto Scaling groups in AWS account to use Spot instances.
Go
4
star
47

galactus

A tool for detecting unused Service Accounts and Service Account Keys on GCP
Python
4
star
48

gcp-alerting-cis-benchmarks

Configuration instructions for Cloud Monitoring alerts on Google Cloud Platform for additional security based on CIS benchmarks
4
star
49

private_cloud_sql

4
star
50

intercloud-throughput

Python
4
star
51

secrets-consumer-env

Consume secrets securely from AWS, GCP and Hashicorp Vault secret managers
Go
3
star
52

ec2-auto-tag

Python
3
star
53

elasticsearch-gke

Blueprint for creating production-grade ElasticSearch deployments with Elastic K8s Operator
Makefile
3
star
54

ferent

Clojure
3
star
55

calculate-cloudfront-aos

Calculate CloudFront Average Object Size (AOS) using Cost Explorer API
Python
3
star
56

cre-playbooks

A collection of playbooks to help CREs solve problems more efficiently
3
star
57

docs-gitbook-cmp

ARCHIVED: GitBook repository for the DoiT Cloud Management Platform (CMP) User Documentation
Shell
3
star
58

docops

Common resources for doing DocOps at DoiT
Python
3
star
59

terraform-provider-doit-console

Terraform provider for DoiT API platform
Go
3
star
60

doit-eks-lens-helm-chart

Smarty
3
star
61

docops-devcontainer

DocOps devcontainer
2
star
62

next23-genai-demo

Jupyter Notebook
2
star
63

gke-ssh

HCL
2
star
64

platform-iac

DoiT platform infrastructure as a code templates
HCL
2
star
65

cloud-run-go-boilerplate

Go
2
star
66

gceinstances

Inspired by ec2instances.info, this is a summary page for Google Compute Engine instances
HTML
2
star
67

docops-python

DoiT International DocOps Python library and CLI program
Shell
2
star
68

mysql-57-eol

Documents to help guide customers through MySQL 5.7 End of life
2
star
69

tf-fundamentals-workshop-101

Basic workshop on the topic of Terraform in the context of AWS
HCL
2
star
70

looker-cph-event

LookML
1
star
71

robust-multicloud

Kotlin
1
star
72

help

DoiT International Help Center and product documentation
JavaScript
1
star
73

secret-manager-nodejs-example

JavaScript
1
star
74

assembly-pipeline

Shell
1
star
75

cloudbuild-demo

JavaScript
1
star
76

demo-gke-pubsub-consumer

JavaScript
1
star
77

clojure-exercises

Clojure
1
star
78

poc-gcp-nextflow

Nextflow + GCP + LifeSciencesAPI + Compute Engine + NextflowTower + Workflows
1
star
79

app-engine-firebase-identity

BYO Identity through Firebase
Python
1
star
80

dynamodb-lens

Python
1
star
81

cloudrun-cloudsql-psc

Accessing CloudSQL with Private Service Connect enabled from Cloud Run
1
star
82

zen-dog

Tool to sync crucial zendesk configuration from code
1
star
83

gcp-auto-tag

Python
1
star
84

locust-demo

Python
1
star
85

gke-node-autoscheduler-poc

HCL
1
star
86

eks-lens-agent

Go
1
star
87

gcp-qms

Quota Monitoring Solution support files for Google Cloud Platform
Shell
1
star
88

avoxi-workshop-public

Jupyter Notebook
1
star
89

developer-envs

HCL
1
star
90

simple-cloud-run

Sometimes it's amazing how simple Google Cloud can be - this time Cloud Run
Go
1
star
91

terraform-provider-doit

Terraform provider for DoiT API platform
Go
1
star
92

next24-genai-demo

Gen AI Demo for Google Next'24. This is a RAG system with Agents to retrieve project specific cost and combine it with DoiT blog posts to deliver a analysis on how to reduce cost.
Jupyter Notebook
1
star
93

aws-dms-to-hudi

Example AWS DMS ingestion pipeline to Apache Hudi tables in S3
Python
1
star
94

bigquery-list-tables-org-wide

A script that will list all tables (and potentially relevant metadata) across your whole Google Cloud organisation.
Python
1
star
95

LLM-Liftoff-Bedrock-Workshop

Python
1
star
96

ticket-review

An app for performing ticket reviews.
HCL
1
star
97

aws-help

Help Docs for DoIT AWS Customers
1
star