Kubediff: a tool for Kubernetes to show differences between running state and version controlled configuration.

Related tags

DevOps Toolspythonkubernetesobservabilitygitops
Overview

Kubediff

Kubediff is a tool for Kubernetes to show you the differences between your running configuration and your version controlled configuration.

Kubediff can be run from the command line:

$ ./kubediff
usage: kubediff [-h] [--kubeconfig KUBECONFIG] [--context CONTEXT] [--namespace NAMESPACE] [--json] [--no-error-on-diff] [paths ...]

     _          _             _  _   __   __
    | |__ _  _ | |__  ___  __| |(_) / _| / _|
    | / /| || || '_ \/ -_)/ _` || ||  _||  _|
    |_\_\ \_,_||_.__/\___|\__,_||_||_|  |_|

    Compare yaml files in path(s) to running state in kubernetes and print the
    differences. This is useful to ensure you have applied all your changes
    to the appropriate environment. This tools runs kubectl, so unless your
    ~/.kube/config is configured for the correct environment, you will need
    to supply the kubeconfig for the appropriate environment.

positional arguments:
  paths                  path(s) from which kubediff will look for configuration files

optional arguments:
  -h, --help            show this help message and exit
  --kubeconfig KUBECONFIG, -k KUBECONFIG
                        path to kubeconfig
  --context CONTEXT, -c CONTEXT
                        name of kubeconfig context to use
  --namespace NAMESPACE, -n NAMESPACE
                        Namespace to assume for objects where it is not specified (default = Kubernetes default for current context)
  --json, -j            output in json format
  --no-error-on-diff, -e
                        don't exit with 2 if diff exists

For example:

$ ./kubediff k8s
Checking ReplicationController 'kubediff'
 *** .spec.template.spec.containers[0].args[0]: '-repo=https://github.com/weaveworks/kubediff' != '-repo=https://github.com/
   
    '
Checking Secret 'kubediff-secret'
Checking Service 'kubediff'

Make sure the dependencies are installed first:

$ pip install -r requirements.txt

Kubediff can also be run as a service on Kubernetes, periodically downloading the latest configuration from Github, comparing it to the running configuration. In this mode Kubediff will also offers a very simple UI showing the output and export the result to Prometheus, all courtesy to prom-run.

To deploy to Kubernetes, you much first make a copy of the YAML files in k8s and update the following fields:

  • kubediff-rc.yaml the first argument to git-sync must be the location of the config repo, and the last argument to kubediff must the the location in this repo of your config.
  • kubediff-secret.yaml the username and password must be set to valid github OAuth token.

Once you have updated the config, the following commands should bring up the service:

$ kubectl create -f k8s
replicationcontroller "kubediff" created
secret "kubediff-secret" created
service "kubediff" created

And to view the UI, run the follow command and go to http://localhost:4040

`$ kubectl port-forward $(kubectl get pod --selector=name=kubediff -o jsonpath={.items..metadata.name}) 4040:80`

Kubediff Screenshot

This service exports the exit code of the kubediff as a Prometheus metric; a suitable alert can be setup for persistent differences:

ALERT Kubediff
  IF          max(command_exit_code{job="kubediff"}) != 0
  FOR         2h
  LABELS      { severity="warning" }
  ANNOTATIONS {
    summary = "Kubediff has detected a difference in running config.",
    description = "Kubediff has detected a difference in running config.",
  }

These alerts can be sent to Slack, for example:

Slack Alert

compare-images

To quickly see how two sets of configurations differ, purely in terms of images:

$ ./compare-images ../service-conf/k8s/dev/ ../service-conf/k8s/prod/
Image                          dev                   prod
-----------------------------  --------------------  --------------------
quay.io/weaveworks/grafana     master-0fc7cc2        master-08fd09d
quay.io/weaveworks/prometheus  master-0fc7cc2        master-4fb2aed
quay.io/weaveworks/ui-server   master-2899c36        master-45d67b3
tomwilkie/prometheus           frankenstein-8a5ec1b  frankenstein-ebe5808
weaveworks/scope               master-1a1021c        master-14d0e4e

Build

mkdir -p $GOPATH/src/github.com/prometheus && cd "$_"
git clone [email protected]:prometheus/client_golang.git
mkdir -p $GOPATH/src/github.com/weaveworks && cd "$_"
git clone [email protected]:weaveworks/kubediff.git
cd kubediff
make

Getting Help

If you have any questions about, feedback for or problems with kubediff:

Weaveworks follows the CNCF Code of Conduct. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a Weaveworks project maintainer, or Alexis Richardson ([email protected]).

Your feedback is always welcome!

Owner
Weaveworks
weaving containers into applications
Weaveworks
GitHub Repository
Create pinned requirements.txt inside a Docker image using pip-tools

Pin your Python dependencies! pin-requirements.py is a script that lets you pin your Python dependencies inside a Docker container. Pinning your depen

4 Aug 18, 2022
🐳 Docker templates for various languages.

Docker Deployment Templates One Stop repository for Docker Compose and Docker Templates for Deployment. Features Python (FastAPI, Flask) Screenshots D

CodeChef-VIT 6 Aug 28, 2022
A Habitica Integration with Github Workflows.

Habitica-Workflow A Habitica Integration with Github Workflows. How To Use? Fork (and Star) this repository. Set environment variable in Settings - S

Priate 2 Dec 20, 2021
a CLI that provides a generic automation layer for assessing the security of ML models

Counterfit About | Getting Started | Learn More | Acknowledgments | Contributing | Trademarks | Contact Us -------------------------------------------

Microsoft Azure 575 Jan 02, 2023
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.

Welcome to the Spinnaker Project Spinnaker is an open-source continuous delivery platform for releasing software changes with high velocity and confid

8.8k Jan 07, 2023
A Kubernetes operator that creates UptimeRobot monitors for your ingresses

This operator automatically creates uptime monitors at UptimeRobot for your Kubernetes Ingress resources. This allows you to easily integrate uptime monitoring of your services into your Kubernetes d

Max 49 Dec 14, 2022
Webinar oficial Zabbix Brasil. Uma série de 4 aulas sobre API do Zabbix.

Repositório de scripts do Webinar de API do Zabbix Webinar oficial Zabbix Brasil. Uma série de 4 aulas sobre API do Zabbix. Nossos encontros [x] 04/11

Robert Silva 7 Mar 31, 2022
Simple ssh overlay for easy, remote server management written in Python GTK with paramiko

Simple "ssh" overlay for easy, remote server management written in Python GTK with paramiko

kłapouch 3 May 01, 2022
Manage your SSH like a boss.

--- storm is a command line tool to manage your ssh connections. features adding, editing, deleting, listing, searching across your SSHConfig. command

Emre Yılmaz 3.9k Jan 03, 2023
Autoscaling volumes for Kubernetes (with the help of Prometheus)

Kubernetes Volume Autoscaler (with Prometheus) This repository contains a service that automatically increases the size of a Persistent Volume Claim i

DevOps Nirvana 142 Dec 28, 2022
CTF infrastructure deployment automation tool.

CTF infrastructure deployment automation tool. Focus on the challenges. Mirrored from

Fake News 1 Apr 12, 2022
gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.

Gunicorn Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It's a pre-fork worker model ported from Ruby's Unicorn project. The Gunicorn

Benoit Chesneau 8.7k Jan 08, 2023
Manage your azure VM easily!

Azure-manager Manage your VM in Azure using cookies.

Team 1injex 129 Dec 17, 2022
This Docker container is build to run on a server an provide an easy to use interface for every student to vote for their councilors

This Docker container is build to run on a server and provide an easy to use interface for every student to vote for their councilors.

Robin Adelwarth 7 Nov 23, 2022
Apache Airflow - A platform to programmatically author, schedule, and monitor workflows

Apache Airflow Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. When workflows are define

The Apache Software Foundation 28.6k Jan 01, 2023
Docker Container wallstreetbets-sentiment-analysis

Docker Container wallstreetbets-sentiment-analysis A docker container using restful endpoints exposed on port 5000 "/analyze" to gather sentiment anal

145 Nov 22, 2022
Oncall is a calendar tool designed for scheduling and managing on-call shifts. It can be used as source of dynamic ownership info for paging systems like http://iris.claims.

Oncall See admin docs for information on how to run and manage Oncall. Development setup Prerequisites Debian/Ubuntu - sudo apt-get install libsasl2-d

LinkedIn 928 Dec 22, 2022
Ganeti is a virtual machine cluster management tool built on top of existing virtualization technologies such as Xen or KVM and other open source software.

Ganeti 3.0 =========== For installation instructions, read the INSTALL and the doc/install.rst files. For a brief introduction, read the ganeti(7) m

395 Jan 04, 2023
Ansible for DevOps examples.

Ansible for DevOps Examples This repository contains Ansible examples developed to support different sections of Ansible for DevOps, a book on Ansible

Jeff Geerling 6.6k Jan 08, 2023
Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems.

Glances - An eye on your system Summary Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information thr

Nicolas Hennion 22k Jan 08, 2023