Kubernetes
Popeye 是一种实用程序,可扫描实时 Kubernetes 集群并报告已部署资源和配置的潜在问题。它根据部署的内容为集群消毒。通过扫描集群,它可以检测错误配置并确保最佳实践到位,从而防止未来出现问题。它旨在减少在运行 Kubernetes 集群时面临的认知过载。此外,如果集群使用metric-server,它会报告潜在的资源分配过多/不足,并在集群容量不足时尝试警告。
Popeye 是一个只读工具,它不会以任何方式改变任何 Kubernetes 资源!Popeye 会扫描集群以寻找最佳实践和潜在问题。目前,Popeye 只查看节点、命名空间、pod 和服务。消毒器的目的是发现错误配置,即端口不匹配、无效或未使用的资源、指标利用率、探针、容器映像、RBAC 规则、裸露资源等。
k8s集群潜在问题扫描工具—Popeye - 图1

安装

Popeye 适合 Kubernetes 1.13+,可以将 Popeye 容器化并作为一次性或 CronJob 直接在 Kubernetes 集群中运行。它可在 Linux、MacOS 和 Windows 平台上使用。
下面在linux演示Popeye的使用:

  1. wget https://github.com/derailed/popeye/releases/download/v0.9.8/popeye_Linux_x86_64.tar.gztar -zxf popeye_Linux_x86_64.tar.gz
  2. tar -zxf popeye_Linux_x86_64.tar.gz

检查版本

  1. # ./popeye version
  2.  ___     ___ _____   _____                       K          .-'-.     
  3. | _ \___| _ \ __\ \ / / __|                       8     __|      `\  
  4. |  _/ _ \  _/ _| \ V /| _|                         s   `-,-`--._   `\
  5. |_| \___/_| |___| |_| |___|                       []  .->'  a     `|-'
  6.   Biffs`em and Buffs`em!                            `=/ (__/_       /  
  7.                                                       \_,    `    _)  
  8.                                                          `----;  |     
  9. Version:   0.9.8
  10. Commit:    6db27f04407b337f6743faf4f382a61991aa5f31
  11. Date:      2021-11-02T21:26:28Z
  12. Logs:

执行扫描,默认扫描所有namespace

  1. # ./popeye
  2. # ....
  3. STATEFULSETS (5 SCANNED)                                                       💥 2 😱 3 🔊 0  0 0٪
  4. ┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
  5.   · default/dubbo-monitor..........................................................................💥
  6.     😱 [POP-500] Zero scale detected.
  7.     🐳 dubbo-monitor
  8.       💥 [POP-100] Untagged docker image in use.
  9.       😱 [POP-106] No resources requests/limits defined.
  10.   · default/mongodb................................................................................😱
  11.     🐳 mongodb
  12.       😱 [POP-106] No resources requests/limits defined.
  13.   · default/redis..................................................................................💥
  14.     🐳 init-redis
  15.       💥 [POP-100] Untagged docker image in use.
  16.       😱 [POP-106] No resources requests/limits defined.
  17.     🐳 redis
  18.       😱 [POP-106] No resources requests/limits defined.
  19.   · default/redis-test.............................................................................😱
  20.     😱 [POP-500] Zero scale detected.
  21.     🐳 redis
  22.       😱 [POP-106] No resources requests/limits defined.
  23.   · default/zookeeper-one..........................................................................😱
  24.     🐳 zookeeper-one
  25.       😱 [POP-106] No resources requests/limits defined.
  28. SUMMARY
  29. ┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅
  30. Your cluster score: 74 -- C

可以看到当前集群评分为74:C
可以用-n参数指定namespace。
输出格式默认输出到控制台,也可以输出json、html、yaml等格式,可以将输出内容push到第三方服务,S3桶。
输出html格式到文件:

  1. ./popeye --out html --save  --output-file log.html
  2. /tmp/popeye/log.html

然后在浏览器中打开。
image.png
了解Popeye更多信息,请移步:https://github.com/derailed/popeye