Kubeye

Autre code source

v1.0.2 ?

Télécharger

Anglais | Chine

KubeEye est un outil d'inspection de cluster natif cloud spécialement conçu pour Kubernetes, capable d'identifier les problèmes et les risques au sein du cluster Kubernetes sur la base de règles personnalisées.

Démarrage rapide

Installation

Téléchargez le package d'installation à partir des versions, qui comprend un graphique Helm, des règles de démonstration et des images pour une installation hors ligne.

VERSION=v1.0.0

wget https://github.com/kubesphere/kubeeye/releases/download/ ${VERSION} /kubeeye-offline- ${VERSION} .tar.gz

tar -zxvf kubeeye-offline- ${VERSION} .tar.gz

cd kubeeye-offline- ${VERSION}

# offline installation, please import the images in the 'images' folder into the local container repository yourself and modify the images repo in `chart/kubeeye/values.yaml`.

helm upgrade --install kubeeye chart/kubeeye -n kubeeye-system --create-namespace

Usage

Importer des règles d'inspection

Le répertoire rule du package d'installation fournit des règles de démonstration, qui peuvent être personnalisées en fonction de besoins spécifiques.

Remarque : Les règles Prometheus doivent avoir le point de terminaison de Prometheus défini à l'avance.

kubectl apply -f rule

Créer un plan d'inspection

Configurez des plans d'inspection à la demande.

cat > plan.yaml << EOF
apiVersion: kubeeye.kubesphere.io/v1alpha2
kind: InspectPlan
metadata:
  name: inspectplan
spec:
  # The planned time for executing inspections only supports cron expressions. For example, '*/30 * * * ?' means that the inspection will be performed every 30 minutes.'
  # If only a single inspection is required, then remove this parameter.
  schedule: "*/30 * * * ?"
  # The maximum number of retained inspection results, if not filled in, will retain all.
  maxTasks: 10 
  # Should the inspection plan be paused, applicable only to periodic inspections, true or false (default is false).
  suspend: false
  # Inspection timeout, default 10 minutes.
  timeout: 10m
  # Inspection rule list, used to associate corresponding inspection rules, please fill in the inspectRule name.
  # Execute ` kubectl get inspectrule ` to view the inspection rules in the cluster.
  ruleNames:
    - name: inspect-rule-filter-file
    - name: inspect-rule-node-info
    - name: inspect-rule-node
    - name: inspect-rule-sbnormalpodstatus 
    - name: inspect-rule-deployment
    - name: inspect-rule-sysctl
    - name: inspect-rule-prometheus
    - name: inspect-rule-filechange
    - name: inspect-rule-systemd
  # nodeName: master
  # nodeSelector:
  #   node-role.kubernetes.io/master: ""        
  # Multi-cluster inspection (currently only supports multi-cluster inspection in KubeSphere)
  # clusterName: 
  # - name: host
EOF


kubectl apply -f plan.yaml

Obtention des rapports d'inspection

Vérifier les résultats de l'inspection

 # View the name of the inspection result for inspection report download.
kubectl get inspectresult

Commande

 # # Get the address and port of kubeeye-apiserver service.
kubectl get svc -n kubeeye-system kubeeye-apiserver -o custom-columns=CLUSTER-IP:.spec.clusterIP,PORT:.spec.ports[ * ].port

# # Download the inspection report, and please replace <> with the actual information obtained from the environment.
curl http:// < svc-ip > :9090/kapis/kubeeye.kubesphere.io/v1alpha2/inspectresults/ < result name > ? type = html -o inspectReport.html

# # After downloading, you can use a browser to open the HTML file for viewing.

Console Web

 # # Create a nodePort type svc for kubeeye-apiserver.
kubectl -n kubeeye-system expose deploy kubeeye-apiserver --port=9090 --type=NodePort --name=ke-apiserver-node-port

# # Enter the inspection report URL in the browser to view, and remember to replace <> with the actual information obtained from the environment.
http:// < node address > : < node port > /kapis/kubeeye.kubesphere.io/v1alpha2/inspectresults/ < result name > ? type=html