KubePug/Deprecations is intended to be a kubectl plugin, which:
- Downloads a swagger.json from a specific Kubernetes version
- Parses this Json finding deprecation notices
- Verifies the current kubernetes cluster or input files checking wether exists objects in this deprecated API Versions, allowing the user to check before migrating
Just run kubectl krew install deprecations
Download the correct version from Releases page.
After that, the command can be used just as kubectl, but with the following flags:
$ kubepug --help
[...]
Flags:
--api-walk Wether to walk in the whole API, checking if all objects type still exists in the current swagger.json. May be IO intensive to APIServer. Defaults to true (default true)
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--description DEPRECATED FLAG - Wether to show the description of the deprecated object. The description may contain the solution for the deprecation. Defaults to true (default true)
--error-on-deleted If a deleted object is found, the program will exit with return code 1 instead of 0. Defaults to false
--error-on-deprecated If a deprecated object is found, the program will exit with return code 1 instead of 0. Defaults to false
--filename string Name of the file the results will be saved to, if empty it will display to stdout
--force-download Wether to force the download of a new swagger.json file even if one exists. Defaults to false
--format string Format in which the list will be displayed [stdout, plain, json, yaml] (default "stdout")
-h, --help help for kubepug
--input-file string Location of a file or directory containing k8s manifests to be analized
--k8s-version string Which kubernetes release version (https://github.com/kubernetes/kubernetes/releases) should be used to validate objects. Defaults to master (default "master")
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
--swagger-dir string Where to keep swagger.json downloaded file. If not provided will use the system temporary directory
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
-v, --verbosity string Log level: debug, info, warn, error, fatal, panic (default "warning")
--version version for kubepug
You can check the status of a running cluster with the following command.
$ kubepug --k8s-version=v1.18.6 # Will verify the current context against v1.18.6 swagger.json
[...]
RESULTS:
Deprecated APIs:
Ingress found in extensions/v1beta1
├─ Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc. DEPRECATED - This group version of Ingress is deprecated by networking.k8s.io/v1beta1 Ingress. See the release notes for more information.
-> OBJECT: nginxnok namespace: default
-> OBJECT: nginxok namespace: default
Deleted APIs:
DaemonSet found in extensions/v1beta1
├─ API REMOVED FROM THE CURRENT VERSION AND SHOULD BE MIGRATED IMMEDIATELY!!
-> OBJECT: kindnet namespace: kube-system
-> OBJECT: kube-proxy namespace: kube-system
Deployment found in extensions/v1beta1
├─ API REMOVED FROM THE CURRENT VERSION AND SHOULD BE MIGRATED IMMEDIATELY!!
-> OBJECT: coredns namespace: kube-system
-> OBJECT: local-path-provisioner namespace: local-path-storage
ReplicaSet found in extensions/v1beta1
├─ API REMOVED FROM THE CURRENT VERSION AND SHOULD BE MIGRATED IMMEDIATELY!!
-> OBJECT: coredns-6dcc67dcbc namespace: kube-system
-> OBJECT: local-path-provisioner-56fcf95c58 namespace: local-path-storage
You can verify files with the following:
$ kubepug --input-file=./deployment/ --error-on-deleted --error-on-deprecated
With the command above
- The swagger.json from master branch will be used
- All YAML files (excluding subdirectories) will be verified
- The program will exit with an error if deprecated or deleted objects are found.
This happens when you have a secure environment that does not have an internet connectivity.
Steps to follow:
- Download swagger file in a machine that has internet connection
$ curl -o swagger-v1.17.0.json https://raw.githubusercontent.com/kubernetes/kubernetes/v1.17.0/api/openapi-spec/swagger.json
-
Securely move the json file to your Air-Gapped environment, to the folder of your choosing. This folder will be used by
kubepug
. -
Execute
kubepug
with the optionswagger-dir
, like this
$ kubepug --k8s-version=v1.17.0 --swagger-dir=/your/swagger/folder
This will verify the current context against the swagger file we downloaded and copied over manually
name: Sample CI Workflow
# This workflow is triggered on pushes to the repository.
on: [push]
env:
HELM_VERSION: "v3.2.4"
K8S_TARGET_VERSION: "v1.16.0"
jobs:
api-deprecations-test:
runs-on: ubuntu-latest
steps:
- name: Check-out repo
uses: actions/checkout@v2
- name: Install Helm and Kubepug binaries
run: |
mkdir -p ~/bin
curl -sSL https://github.com/rikatz/kubepug/releases/latest/download/kubepug_linux_amd64.tar.gz | tar xvfz - --overwrite -C ~/bin/
curl -sSL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar xvfz - -C ~/bin/ --wildcards --strip 1 '*/helm'
- name: Run Kubepug with your Helm Charts Repository
run: |
find charts -mindepth 1 -maxdepth 1 -type d | xargs -t -n1 -I% /bin/bash -c '~/bin/helm template % --api-versions ${K8S_TARGET_VERSION} | ~/bin/kubepug --error-on-deprecated --error-on-deleted --k8s-version ${K8S_TARGET_VERSION} --input-file /dev/stdin'
As I've used this project to learn Go and also some Kubernetes client-go some parts of this plugin are based in Caio Begotti's Pod-Tree, Ahmet Balkan kubectl-tree and Bitnami Kubecfg
Logo based in Mão vetor criado por freepik - br.freepik.com