This provides functionality to check node and pod status as well as api and service availability.
- bin/check-kube-apiserver-available.rb
- bin/check-kube-certs.rb
- bin/check-kube-external-dns-ingresses.rb
- bin/check-kube-external-dns-services.rb
- bin/check-kube-nodes-ready.rb
- bin/check-kube-pods-pending.rb
- bin/check-kube-pods-restarting.rb
- bin/check-kube-pods-running.rb
- bin/check-kube-pods-runtime.rb
- bin/check-kube-service-available.rb
- bin/handler-kube-pod.rb
- bin/metrics-pods.rb
check-kube-apiserver-available.rb
Usage: check-kube-apiserver-available.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
-p, --password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
--kube-config KUBECONFIG Path to a kube config file
check-kube-certs.rb
Usage: ./check-kube-certs.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
-p, --password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
-c, --critical DAYS Number of days to alert critically before certificate expires (default 7 days)
-n NAMESPACES, Exclude the specified list of namespaces
--exclude-namespace
--in-namespace Operate in the namespace of the pod running the check (when running in-cluster)
-i NAMESPACES, Include the specified list of namespaces
--include-namespace
--kube-config KUBECONFIG Path to a kube config file
-f, --filter FILTER Label selector for pods to be checked (example -- key1=value1,key2!=value2)
-w, --warn DAYS Number of days to alert warning before certificate expires
check-kube-external-dns-ingresses.rb
Usage:
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version. Defaults to 'v1'
--in-namespace If running in K8S, operate in running namespace
-n NAMESPACES, Exclude the specified list of namespaces
--exclude-namespace
-i NAMESPACES, Include the specified list of namespaces, an
--include-namespace empty list includes all namespaces
-f, --filter FILTER Selector filter for ingresses to be checked
--ingresses INGRESSES Optional list of ingresses to check
--kube-config KUBECONFIG Path to a kube config file
check-kube-external-dns-services.rb
Usage:
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version. Defaults to 'v1'
--in-namespace If running in K8S, operate in running namespace
-n NAMESPACES, Exclude the specified list of namespaces
--exclude-namespace
-i NAMESPACES, Include the specified list of namespaces, an
--include-namespace empty list includes all namespaces
-f, --filter FILTER Selector filter for services to be checked
--services SERVICES Optional list of services to check.
--kube-config KUBECONFIG Path to a kube config file
check-kube-nodes-ready.rb
Usage: check-kube-nodes-ready.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
-p, --password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
--kube-config KUBECONFIG Path to a kube config file
check-kube-pods-pending.rb
Usage: check-kube-pods-pending.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
--token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
--in-namespace If running in K8S, operate in running namespace
-n NAMESPACES, Exclude the specified list of namespaces
--exclude-namespace
-i NAMESPACES, Include the specified list of namespaces, an
--include-namespace empty list includes all namespaces
-t, --timeout TIMEOUT Threshold for pods to be in the pending state
-f, --filter FILTER Label selector for pods to be checked (example -- key1=value1,key2!=value2)
-p, --pods PODS List of pods to check
-r, --restart COUNT Threshold for number of restarts allowed
--kube-config KUBECONFIG Path to a kube config file
check-kube-pods-restarting.rb
Usage: ./check-kube-pods-restarting.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
--in-namespace If running in K8S, operate in running namespace
-n NAMESPACES, Exclude the specified list of namespaces
--exclude-namespace
-i NAMESPACES, Include the specified list of namespaces, an
--include-namespace empty list includes all namespaces
-f, --filter FILTER Label selector for pods to be checked (example -- key1=value1,key2!=value2)
-p, --pods PODS List of pods to check
-r, --restart COUNT Threshold for number of restarts allowed
--kube-config KUBECONFIG Path to a kube config file
check-kube-pods-running.rb
Usage: ./check-kube-pods-running.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
--in-namespace If running in K8S, operate in running namespace
-n NAMESPACES, Exclude the specified list of namespaces
--exclude-namespace
-i NAMESPACES, Include the specified list of namespaces, an
--include-namespace empty list includes all namespaces
-f, --filter FILTER Label selector for pods to be checked (example -- key1=value1,key2!=value2)
-p, --pods PODS List of pods to check
--kube-config KUBECONFIG Path to a kube config file
check-kube-pods-runtime.rb
Usage: check-kube-pods-runtime.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
--in-namespace If running in K8S, operate in running namespace
-c, --critical COUNT Threshold for Pods to be critical
-f, --filter FILTER Label selector for pods to be checked (example -- key1=value1,key2!=value2)
-p, --pods PODS List of pods to check
-w, --warn TIMEOUT Threshold for pods to be in the pending state
--kube-config KUBECONFIG Path to a kube config file
check-kube-service-available.rb
Usage: check-kube-service-available.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
--in-namespace If running in K8S, operate in running namespace
-p, --pending SECONDS Time (in seconds) a pod may be pending for and be valid
-l, --list SERVICES List of services to check (required)
--kube-config KUBECONFIG Path to a kube config file
handler-kube-pod.rb
Usage: handler-kube-pod.rb (options)
-j, --json JSONCONFIG Configuration name
JSONCONFIG
defaults to k8s
.
{
"k8s": {
"server": "https://kubernetes/",
"version": "v1",
"incluster": false,
"ca_file": "/certs/ca.crt.pem",
"client_cert_file": "/certs/client.crt.pem",
"client_key_file": "/private/client.key.pem",
"username": "alice",
"password": "secret",
"token": "incomprehensible.token.string",
"token_file": "/secret/token"
}
}
metrics-pods
Usage: metrics-pods.rb (options)
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--in-cluster Use service account authentication
--password PASSWORD If user is passed, also pass a password
-s, --api-server URL URL to API server
-t, --token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
-u, --user USER User with access to API
-v, --api-version VERSION API version
--kube-config KUBECONFIG Path to a kube config file
--in-namespace If running in K8S, operate in running namespace
api_server
and api_version
can still be used for backwards compatibility,
but server
and version
will take precedence.
Of the Kubernetes connection options:
--api-server URL URL to API server
--api-version VERSION API version
--in-cluster Use service account authentication
--ca-file CA-FILE CA file to verify API server cert
--cert CERT-FILE Client cert to present
--key KEY-FILE Client key for the client cert
--user USER User with access to API
--password PASSWORD If user is passed, also pass a password
--token TOKEN Bearer token for authorization
--token-file TOKEN-FILE File containing bearer token for authorization
--kube-config KUBECONFIG Path to a kube config file
Only the API server option is required, however it does default to the KUBERNETES_MASTER
environment variable, or you can use the in-cluster option. The other options are to be used as needed.
The default API version is v1
.
The in-cluster option provides defaults for:
- The server URL, using the
KUBERNETES_SERVICE_HOST
andKUBERNETES_SERVICE_PORT
environment variables. - The API CA file, using the service account CA file if it exists. (
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
) - The API token, using the service account token file. (
/var/run/secrets/kubernetes.io/serviceaccount/token
)
If the Kubernetes API provides a server certificate, it is only validated if a CA file is provided.
The client certificate and client private key are optional, but if one is provided then the other must also be provided.
Only one of the authentication methods (user, token, or token file) can be used. For example, using a username and a token, or a token and a token file, will produce an error.
If the 'user' authentication method is used, a password must also be provided.
The kubeconfig options enable the usage of a kubeconfig file, which is a yaml file which defines the authentication and TLS config. More information about kubeconfig files can be found in the Kubernetes Docs