/kubepug

Kubernetes PreUpGrade (Checker)

Primary language: Go. License: Apache License 2.0 (Apache-2.0)

Deprecations AKA KubePug - Pre UpGrade (Checker)


KubePug/Deprecations is intended to be a kubectl plugin, which:

  • Downloads a swagger.json from a specific Kubernetes version
  • Parses this JSON to find deprecation notices
  • Verifies the current Kubernetes cluster or input files, checking whether any objects exist in these deprecated API versions, so the user can check before migrating

How to use it as a krew plugin

Just run kubectl krew install deprecations

How to use it as a standalone program

Download the correct version from the Releases page.

After that, the command can be used just as kubectl, but with the following flags:

$ kubepug --help
[...]
Flags:
      --api-walk                 Wether to walk in the whole API, checking if all objects type still exists in the current swagger.json. May be IO intensive to APIServer. Defaults to true (default true)
      --cluster string           The name of the kubeconfig cluster to use
      --context string           The name of the kubeconfig context to use
      --description              DEPRECATED FLAG - Wether to show the description of the deprecated object. The description may contain the solution for the deprecation. Defaults to true (default true)
      --error-on-deleted         If a deleted object is found, the program will exit with return code 1 instead of 0. Defaults to false
      --error-on-deprecated      If a deprecated object is found, the program will exit with return code 1 instead of 0. Defaults to false
      --filename string          Name of the file the results will be saved to, if empty it will display to stdout
      --force-download           Wether to force the download of a new swagger.json file even if one exists. Defaults to false
      --format string            Format in which the list will be displayed [stdout, plain, json, yaml] (default "stdout")
  -h, --help                     help for kubepug
      --input-file string        Location of a file or directory containing k8s manifests to be analized
      --k8s-version string       Which kubernetes release version (https://github.com/kubernetes/kubernetes/releases) should be used to validate objects. Defaults to master (default "master")
      --kubeconfig string        Path to the kubeconfig file to use for CLI requests.
      --swagger-dir string       Where to keep swagger.json downloaded file. If not provided will use the system temporary directory
      --tls-server-name string   Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
  -v, --verbosity string         Log level: debug, info, warn, error, fatal, panic (default "warning")
      --version                  version for kubepug

Checking a Kubernetes Cluster

You can check the status of a running cluster with the following command.

$ kubepug --k8s-version=v1.18.6 # Will verify the current context against v1.18.6 swagger.json
[...]
RESULTS:
Deprecated APIs:

Ingress found in extensions/v1beta1
         ├─ Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc. DEPRECATED - This group version of Ingress is deprecated by networking.k8s.io/v1beta1 Ingress. See the release notes for more information.
                -> OBJECT: nginxnok namespace: default
                -> OBJECT: nginxok namespace: default


Deleted APIs:

DaemonSet found in extensions/v1beta1
         ├─ API REMOVED FROM THE CURRENT VERSION AND SHOULD BE MIGRATED IMMEDIATELY!!
                -> OBJECT: kindnet namespace: kube-system
                -> OBJECT: kube-proxy namespace: kube-system

Deployment found in extensions/v1beta1
         ├─ API REMOVED FROM THE CURRENT VERSION AND SHOULD BE MIGRATED IMMEDIATELY!!
                -> OBJECT: coredns namespace: kube-system
                -> OBJECT: local-path-provisioner namespace: local-path-storage

ReplicaSet found in extensions/v1beta1
         ├─ API REMOVED FROM THE CURRENT VERSION AND SHOULD BE MIGRATED IMMEDIATELY!!
                -> OBJECT: coredns-6dcc67dcbc namespace: kube-system
                -> OBJECT: local-path-provisioner-56fcf95c58 namespace: local-path-storage
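
How the two result groups above can be derived from a swagger.json, as an added sketch in Go that is not kubepug's own code. It assumes a deprecation appears as the word "deprecated" in a definition's description (as in the Ingress notice above) and that a deleted API is one with no definition carrying its group/version/kind; `Classify`, `GVK` and the sample document are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// GVK is one entry of the "x-kubernetes-group-version-kind" list in swagger.json.
type GVK struct{ Group, Version, Kind string }
type definition struct {
	Description string
	GVKs        []GVK `json:"x-kubernetes-group-version-kind"`
}

// Constructed sample in the shape of a Kubernetes swagger.json, not a real download.
const sampleSwagger = `{"definitions": {
 "io.k8s.api.extensions.v1beta1.Ingress": {"description": "Ingress is a collection of rules. DEPRECATED - This group version of Ingress is deprecated by networking.k8s.io/v1beta1 Ingress.", "x-kubernetes-group-version-kind": [{"group": "extensions", "kind": "Ingress", "version": "v1beta1"}]},
 "io.k8s.api.apps.v1.Deployment": {"description": "Deployment enables declarative updates for Pods and ReplicaSets.", "x-kubernetes-group-version-kind": [{"group": "apps", "kind": "Deployment", "version": "v1"}]},
 "io.k8s.api.core.v1.PodSpec": {"description": "PodSpec is a description of a pod."}}}`

// Classify labels each in-use GVK "ok", "deprecated" or "deleted" against the target swagger.json.
func Classify(swaggerJSON []byte, inUse []GVK) (map[GVK]string, error) {
	var doc struct{ Definitions map[string]definition }
	if err := json.Unmarshal(swaggerJSON, &doc); err != nil {
		return nil, fmt.Errorf("parse swagger: %w", err)
	}
	known := map[GVK]string{}
	for _, def := range doc.Definitions {
		status := "ok"
		if strings.Contains(strings.ToLower(def.Description), "deprecated") {
			status = "deprecated" // heuristic: the notice is free text in the description
		}
		for _, gvk := range def.GVKs { // helper types such as PodSpec carry no GVK
			known[gvk] = status
		}
	}
	out := map[GVK]string{}
	for _, gvk := range inUse {
		out[gvk] = "deleted" // absent from the target version unless found below
		if status, found := known[gvk]; found {
			out[gvk] = status
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Classify([]byte(sampleSwagger), []GVK{{"extensions", "v1beta1", "Ingress"}, {"extensions", "v1beta1", "DaemonSet"}}))
}
```

Because the deprecation signal here is a text match on the description, a target version whose swagger.json words the notice differently would be reported as "ok"; the "deleted" result does not depend on wording.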

Putting Kubepug in your CI / Checking input files

You can verify files with the following:

$ kubepug --input-file=./deployment/ --error-on-deleted --error-on-deprecated

With the command above:

  • The swagger.json from the master branch will be used
  • All YAML files (excluding subdirectories) will be verified
  • The program will exit with an error if deprecated or deleted objects are found.

Air-gapped environment

This applies when you have a secure environment that does not have internet connectivity.

Steps to follow:

  1. Download the swagger file on a machine that has an internet connection

$ curl -o swagger-v1.17.0.json https://raw.githubusercontent.com/kubernetes/kubernetes/v1.17.0/api/openapi-spec/swagger.json

  2. Securely move the JSON file to your air-gapped environment, to the folder of your choosing. This folder will be used by kubepug.

  3. Execute kubepug with the --swagger-dir option, like this:

$ kubepug --k8s-version=v1.17.0 --swagger-dir=/your/swagger/folder

This will verify the current context against the swagger file we downloaded and copied over manually.

Example of Usage in CI with Github Actions

name: Sample CI Workflow
# This workflow is triggered on pushes to the repository.
on: [push]
env:
  HELM_VERSION: "v3.2.4"
  K8S_TARGET_VERSION: "v1.16.0"

jobs:
  api-deprecations-test:
    runs-on: ubuntu-latest
    steps:
      - name: Check-out repo
        uses: actions/checkout@v2

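      - name: Install Helm and Kubepug binaries
        # The kubepug archive comes from the moving "latest" release and neither download
        # is checksum-verified here; pin a release and verify its digest if the pipeline
        # must be reproducible.
        run: |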
          mkdir -p ~/bin
          curl -sSL https://github.com/rikatz/kubepug/releases/latest/download/kubepug_linux_amd64.tar.gz | tar xvfz - --overwrite -C ~/bin/
          curl -sSL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar xvfz - -C ~/bin/ --wildcards --strip 1 '*/helm'
      
      - name: Run Kubepug with your Helm Charts Repository
        run: |
          find charts -mindepth 1 -maxdepth 1 -type d | xargs -t -n1 -I% /bin/bash -c '~/bin/helm template % --api-versions ${K8S_TARGET_VERSION} | ~/bin/kubepug --error-on-deprecated --error-on-deleted --k8s-version ${K8S_TARGET_VERSION} --input-file /dev/stdin'


References

As I've used this project to learn Go and also some Kubernetes client-go, some parts of this plugin are based on Caio Begotti's Pod-Tree, Ahmet Balkan's kubectl-tree and Bitnami's Kubecfg.

Logo based on a hand vector created by freepik - br.freepik.com