Wednesday, December 25, 2024

How To Manage Kubernetes Cluster with Kubevious

At this point, we can all agree that containerization is everywhere. This is because many organizations have decided to modernize their existing applications for cloud use. Containerization can be defined as the packaging of software and all the required libraries in a lightweight executable referred to as a container. The most popular open-source tools used to run containers are Docker, Podman, and Kubernetes.

Kubernetes (k8s) is a widely used open-source tool for container orchestration. It works by distributing the workload across a server farm, automating the container networking needs, storage, and persistent volumes while maintaining the desired container state.

Managing Kubernetes clusters can be hard, especially in a large environment. Therefore the need for Kubernetes management tools increases. The popularly used tools to manage Kubernetes clusters are K9s, Weave Scope, Dashboard + Kubectl + Kubeadm, KubeSpray, Kontena Lens, Konstellate, WKSctl, Portainer, Rancher, Headlamp, etc.

What is Kubevious?

Kubevious is an open-source graphical interface for Kubernetes. It makes the Kubernetes cluster and application configuration state safe and easy to understand. Kubevious eliminates disasters and costly outages by validating the application manifests and configurations periodically. It normally detects and prevents misconfigurations, conflicts, inconsistencies, and violations of Kubernetes practices. It operates inside the cluster and can be accessed via the web application or CLI for CI/CD pipeline integration.

From the Kubevious app-centric user interface, you can get intuitive insight, introspection, and troubleshooting tools for cloud-native applications. The features offered by Kubevious are:

  • Investigate: It lets users travel back in time, investigate cluster configuration and state, audit applications, root cause outages, and recover good and working manifests. The Time Machine executes resources from the Kubernetes API server making it easy to keep track of all the changes made.
  • Search Engine: This is a full-text search engine that helps users find and return Kubernetes manifests matching various search criteria.
  • Introspect: It provides insights optimized for specific roles and responsibilities as well as correlated app-centric views. These are:
    • Correlated RBAC: helps understand which permissions are granted to Applications through ServiceAccounts, RoleBindings, and Roles.
    • Correlated Network Policies: defines how NetworkPolicies are affecting applications and which traffic is allowed.
    • Identifying Blast Radius: helps identify shared resources within the cluster.
    • Radioactive Workloads: used to identify applications that have excessive permissions.
    • Capacity Planning and Resource Usage Optimization: helps identify how much of cluster resources are used by Applications and Namespaces.
  • Validate: It lets users validate cluster configuration and state for misconfigurations and violations of best practices using:
    • Built-in Validations that include a comprehensive library of rules to detect and prevent DevOps/SRE-focused misconfigurations.
    • Rules Engine which provides an intuitive policy language for custom extensions of validation logic using a JavaScript-like (if-then-else) syntax. The Rules Engine allows the enforcement of complex cross-manifest policies.

This guide demonstrates how to manage Kubernetes Cluster with Kubevious.

#1. Setup kubectl and helm

It is required that you have a Kubernetes cluster set up. The below guides can be used to create a Kubernetes cluster on your Linux system.

Once a Kubernetes cluster has been set up as desired, confirm that you can use the kubectl command:

View the available nodes in the cluster.

$ kubectl get nodes
NAME      STATUS   ROLES           AGE   VERSION
master    Ready    control-plane   80m   v1.24.4+k0s
worker1   Ready    <none>          80m   v1.24.4+k0s
worker2   Ready    <none>          80m   v1.24.4+k0s

You also need to install Helm on your system. The guide below can be used to achieve this:

Verify the installation.

$ helm version
version.BuildInfo{Version:"v3.10.2", GitCommit:"50f003e5ee8704ec937a756c646870227d7c8b58", GitTreeState:"clean", GoVersion:"go1.18.8"}

#2. Create a Persistent Volume for Kubevious

Kubevious runs with a MySQL Pod that requires a persistent volume claim named data-kubevious-mysql-0.

Begin by creating an isolated namespace for Kubevious:

kubectl create namespace kubevious

Set it as the default namespace:

kubectl config set-context --current --namespace kubevious

You’ll need a StorageClass configured in your cluster. See our guides below on how to set up persistent storage in your Kubernetes cluster.

Confirm the storage class available for use.

$ kubectl get sc
NAME               PROVISIONER          RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-01 (default)   nfs-provisioner-01   Delete          Immediate           true                   10d

The storage class that we’ll use in this guide is named nfs-01, as seen in the output above.

You can set the SC as the default storage class:

Storage_Class=nfs-01
kubectl patch storageclass $Storage_Class -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

#3. Deploy Kubevious on Kubernetes

With a Kubernetes cluster set up and Helm v3.2+ installed, you can easily deploy Kubevious in the cluster.

Add the Kubevious Helm repo:

helm repo add kubevious https://helm.kubevious.io

Run the command below to perform an update before using it.

$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kubevious" chart repository
...Successfully got an update from the "nfs-subdir-external-provisioner" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈

Install Kubevious on Kubernetes with the command:

helm install kubevious kubevious/kubevious

Sample Output:

NAME: kubevious
LAST DEPLOYED: Tue Sep 13 10:02:38 2022
NAMESPACE: kubevious
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:

Kubevious v1.0.13 installed!
Access Kubevious by setting up port forwarding
$  kubectl port-forward $(kubectl get pods -n kubevious -l "app.kubernetes.io/component=kubevious-ui" -o jsonpath="{.items[0].metadata.name}") 8080:80 -n kubevious 
and visiting http://127.0.0.1:8080

Verify the deployment:

$ kubectl get deploy
NAME                  READY   UP-TO-DATE   AVAILABLE   AGE
kubevious-backend     1/1     1            1           53s
kubevious-collector   1/1     1            1           53s
kubevious-guard       1/1     1            1           53s
kubevious-parser      1/1     1            1           53s
kubevious-ui          1/1     1            1           53s

$ kubectl get pods
NAME                                   READY   STATUS    RESTARTS   AGE
kubevious-backend-59fd8bc777-hpf6k     1/1     Running   0          4m17s
kubevious-collector-7cb5b9c87d-5ztc2   1/1     Running   0          4m17s
kubevious-guard-669c466bfb-67ctc       1/1     Running   0          4m17s
kubevious-mysql-0                      1/1     Running   0          4m16s
kubevious-parser-64c898fbbb-9tbwv      1/1     Running   0          4m17s
kubevious-redis-0                      1/1     Running   0          4m16s
kubevious-ui-59b8b84c9-swsck           1/1     Running   0          4m17s

Check whether the PV is bound:

$ kubectl get pv
NAME                 CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                              STORAGECLASS              REASON   AGE
kubevious-local-pv   10Gi       RWO            Retain           Bound    kubevious/data-kubevious-mysql-0   kubevious-local-storage            118s

Also, view the services created:

$ kubectl get svc
NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubevious-backend-clusterip     ClusterIP   10.106.16.225    <none>        4000/TCP   2m45s
kubevious-collector-clusterip   ClusterIP   10.100.198.48    <none>        4000/TCP   2m45s
kubevious-guard-clusterip       ClusterIP   10.101.41.10     <none>        4000/TCP   2m45s
kubevious-mysql                 ClusterIP   10.105.79.115    <none>        3306/TCP   2m45s
kubevious-parser-clusterip      ClusterIP   10.104.85.82     <none>        4000/TCP   2m45s
kubevious-redis                 ClusterIP   10.109.170.171   <none>        6379/TCP   2m45s
kubevious-ui-clusterip          ClusterIP   10.102.156.222   <none>        80/TCP     2m45s

#4. Exposing the Kubevious Service.

On Kubernetes, there are 3 ways of exposing the service externally. These are NodePort, LoadBalancer, and Ingress.

A. NodePort Service

To expose the service using NodePort, we will execute the command:

$ kubectl expose deployment kubevious-ui --type=NodePort --port=80 --name=kubevious1
service/kubevious1 exposed

Verify the creation:

$ kubectl get svc
NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubevious-backend-clusterip     ClusterIP   10.106.16.225    <none>        4000/TCP         5m32s
kubevious-collector-clusterip   ClusterIP   10.100.198.48    <none>        4000/TCP         5m32s
kubevious-guard-clusterip       ClusterIP   10.101.41.10     <none>        4000/TCP         5m32s
kubevious-mysql                 ClusterIP   10.105.79.115    <none>        3306/TCP         5m32s
kubevious-parser-clusterip      ClusterIP   10.104.85.82     <none>        4000/TCP         5m32s
kubevious-redis                 ClusterIP   10.109.170.171   <none>        6379/TCP         5m32s
kubevious-ui-clusterip          ClusterIP   10.102.156.222   <none>        80/TCP           5m32s
kubevious1                      NodePort    10.106.51.191    <none>        80:32167/TCP   8s

We have the Kubevious service exposed on port 32167. Allow the port through the firewall if you have it active.

# For UFW
sudo ufw allow 32167

# For Firewalld
sudo firewall-cmd --add-port=32167/tcp --permanent
sudo firewall-cmd --reload

Now access the Kubevious WebUI using the URL http://node_IP:32167

B. LoadBalancer and Ingress (MetalLB)

If you don’t have MetalLB installed already, check out our guide below:

Now after the above config, you can expose the LoadBalancer service with the command:

$ kubectl expose deployment kubevious-ui --type=LoadBalancer --port=80 --name=kubevious2
service/kubevious2 exposed

Verify the creation:

$ kubectl get svc
NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)        AGE
kubevious-backend-clusterip     ClusterIP      10.106.16.225    <none>           4000/TCP       12m
kubevious-collector-clusterip   ClusterIP      10.100.198.48    <none>           4000/TCP       12m
kubevious-guard-clusterip       ClusterIP      10.101.41.10     <none>           4000/TCP       12m
kubevious-mysql                 ClusterIP      10.105.79.115    <none>           3306/TCP       12m
kubevious-parser-clusterip      ClusterIP      10.104.85.82     <none>           4000/TCP       12m
kubevious-redis                 ClusterIP      10.109.170.171   <none>           6379/TCP       12m
kubevious-ui-clusterip          ClusterIP      10.102.156.222   <none>           80/TCP         12m
kubevious1                      NodePort       10.111.165.67    <none>           80:32167/TCP   2m30s
kubevious2                      LoadBalancer   10.101.61.192    192.168.205.40   80:30562/TCP   9s

Now you can access the service using the provided IP address. For example http://192.168.205.40

  • Ingress

For Ingress, we will install Traefik Ingress. First, add the Helm repo:

helm repo add traefik https://helm.traefik.io/traefik
helm repo update

Now install the Traefik Ingress Controller:

helm install traefik traefik/traefik

Retrieve the LoadBalancer IP address for the Traefik service:

# kubectl get svc
NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
kubevious-backend-clusterip     ClusterIP      10.96.194.236    <none>           4000/TCP                     8m6s
kubevious-collector-clusterip   ClusterIP      10.99.102.242    <none>           4000/TCP                     8m5s
kubevious-guard-clusterip       ClusterIP      10.97.177.127    <none>           4000/TCP                     8m5s
kubevious-mysql                 ClusterIP      10.111.89.154    <none>           3306/TCP                     8m5s
kubevious-parser-clusterip      ClusterIP      10.103.7.152     <none>           4000/TCP                     8m5s
kubevious-redis                 ClusterIP      10.103.242.85    <none>           6379/TCP                     8m5s
kubevious-ui-clusterip          ClusterIP      10.107.80.18     <none>           80/TCP                       8m5s
kubevious1                      NodePort       10.100.213.150   <none>           80:30789/TCP                 3m6s
kubevious2                      LoadBalancer   10.110.66.189    192.168.205.40   80:30618/TCP                 118s
traefik                         LoadBalancer   10.110.13.33     192.168.205.41   80:30135/TCP,443:30545/TCP   15s

Add a DNS entry for the Traefik service:

$ sudo vim /etc/hosts
192.168.205.41 kubevious.geeksforgeeks.org

Now create an Ingress using the hostname above:

kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubevious
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
  - host: kubevious.geeksforgeeks.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubevious-ui-clusterip
            port:
              number: 80
EOF

Verify the creation:

$ kubectl get ing | grep kubevious
kubevious   <none>   kubevious.geeksforgeeks.org             80      27s

You can now access the Kubevious WebUI using the domain name http://kubevious.geeksforgeeks.org
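
Following all three methods leaves the same UI published through kubevious1, kubevious2 and the Traefik Ingress at once. As an added example (not part of the original article; the function names are hypothetical), this script lists every Service in `kubectl get svc` output that is reachable from outside the cluster, with its node ports, so the ones you do not need can be removed with kubectl delete svc and any host firewall rule checked against the ports actually in use.

```sh
#!/bin/sh
# Added example, not part of the original article.
# Reads `kubectl get svc` table output on stdin and prints one line per Service
# that is reachable from outside the cluster:
#   <name> <type> <external-ip> <node-ports>
external_services() {
  awk '
    NR == 1 {                      # locate columns by header name
      for (i = 1; i <= NF; i++) c[$i] = i
      next
    }
    {
      type = $(c["TYPE"])
      if (type != "NodePort" && type != "LoadBalancer") next
      # PORT(S) looks like 80:30135/TCP,443:30545/TCP; keep the node ports.
      n = split($(c["PORT(S)"]), parts, ",")
      ports = ""
      for (j = 1; j <= n; j++) {
        np = "-"                   # no node port allocated for this entry
        if (index(parts[j], ":")) { split(parts[j], p, "[:/]"); np = p[2] }
        ports = (ports == "" ? np : ports "," np)
      }
      print $(c["NAME"]), type, $(c["EXTERNAL-IP"]), ports
    }
  '
}

# Excerpt of the `kubectl get svc` output shown in the Ingress step above.
sample_svc_table() {
  cat <<'EOF'
NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
kubevious-mysql                 ClusterIP      10.111.89.154    <none>           3306/TCP                     8m5s
kubevious-ui-clusterip          ClusterIP      10.107.80.18     <none>           80/TCP                       8m5s
kubevious1                      NodePort       10.100.213.150   <none>           80:30789/TCP                 3m6s
kubevious2                      LoadBalancer   10.110.66.189    192.168.205.40   80:30618/TCP                 118s
traefik                         LoadBalancer   10.110.13.33     192.168.205.41   80:30135/TCP,443:30545/TCP   15s
EOF
}

# Live cluster: kubectl get svc -n kubevious | external_services
sample_svc_table | external_services
```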

#5. Access Kubevious Web UI

Once the service has been exposed using any of the 3 methods, you can access the Kubevious WebUI as shown.

Kubevious works with 4 components:

  • Observe
  • Guard
  • Introspect
  • Validate

Under Observe (Browser tab), you can view the objects in the cluster, including Logic, images, packages, etc., with the related warnings and errors.

Guard is a CLI extension used to validate changes for conflicts, misconfigurations, typos, and violations of best practices for Kubernetes clusters and applications.

This can be done by piping the manifest through the Guard script before applying it with the command:

cat manifests.yaml | sh <(curl -sfL https://run.kubevious.io/validate.sh)
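
The pipeline above runs whatever the URL serves at that moment, with your user's privileges. As an added example (not from the original article or the Kubevious project; sha256_of, run_pinned and the local file name validate.sh are hypothetical), the script below runs a downloaded copy only while it still matches the SHA-256 recorded when it was reviewed.

```sh
#!/bin/sh
# Added example, not part of the original article or the Kubevious project.
# Run a previously downloaded and reviewed script only while its SHA-256 still
# matches the digest recorded at review time.

# sha256_of FILE: print the hex digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# run_pinned SCRIPT EXPECTED_SHA256 [ARGS...]
# Passes stdin (the manifest) through to SCRIPT, like the pipeline above.
# Returns 3 and executes nothing when the digest differs or SCRIPT is missing.
run_pinned() {
  rp_script=$1
  rp_expected=$2
  shift 2
  [ -f "$rp_script" ] || { echo "missing $rp_script" >&2; return 3; }
  rp_actual=$(sha256_of "$rp_script")
  if [ "$rp_actual" != "$rp_expected" ]; then
    echo "refusing to run $rp_script: sha256 $rp_actual, pinned $rp_expected" >&2
    return 3
  fi
  sh "$rp_script" "$@"
}

# One-time setup, done by a person:
#   curl -sfL https://run.kubevious.io/validate.sh -o validate.sh
#   less validate.sh                 # read what it will do
#   sha256_of validate.sh            # store this value next to the pipeline config
# Every later run (PINNED_SHA256 is the value recorded above):
#   run_pinned validate.sh "$PINNED_SHA256" < manifests.yaml
```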

You can view validators.

View the available rules.

You can view the affected objects.

Verdict

This guide has provided you with knowledge on how to manage a Kubernetes cluster with Kubevious. We have also demonstrated how to get started with Kubevious. There are more use cases not covered in this guide; you are now free to explore them on your own.

Dominic Rubhabha-Wardslaus