As the use of Kubernetes continues to increase in enterprises, issues such as monitoring and troubleshooting are becoming increasingly important.
In large enterprise organizations, DevOps and SRE engineers spend most of their time on troubleshooting and fixing problems. With the recently developing artificial intelligence technologies, important tools that can help engineers in this field are also available to engineers. One of these is the K8sGPT tool.
So what is this K8sGPT?
K8sGPT is an artificial intelligence-supported tool that will help you detect and fix problems by scanning your kubernetes clusters.
What can you do with K8sGPT?
Workload health analysis
You can scan your Kubernetes clusters and detect workload-related issues.
Fast prioritization and AI analysis
You can use AI to deeply analyze your Kubernetes clusters.
Streamlining
Turns complex details into easy-to-understand recommendations.
Security CVE review
You can connect to scanners like Trivy and prioritize issues.
How to install K8sGPT?
Homebrew
You can install K8sGPT with homebrew using the following command.
brew tap k8sgpt-ai/k8sgpt
brew install k8sgptOther installation options
You can select the version you want to install from the GitHub page.
https://github.com/k8sgpt-ai/k8sgpt/releases
RPM-based (RedHat/CentOS/Fedora)
32 bit:
curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.24/k8sgpt_386.rpm
sudo rpm -ivh k8sgpt_386.rpm64 bit:
curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.24/k8sgpt_amd64.rpm
sudo rpm -ivh -i k8sgpt_amd64.rpmDEB-based (Ubuntu/Debian)
32 bit:
curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.24/k8sgpt_386.deb
sudo dpkg -i k8sgpt_386.deb64 bit:
curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.24/k8sgpt_amd64.deb
sudo dpkg -i k8sgpt_amd64.debAPK-based (Alpine)
32 bit:
curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.24/k8sgpt_386.apk
apk add k8sgpt_386.apk64 bit:
curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.24/k8sgpt_amd64.apk
apk add k8sgpt_amd64.apkYou can check if K8sGPT is installed correctly with the following command.
k8sgpt versionK8sGPT Usage
First of all, the client that you will use the K8sGPT command must be able to connect to the kubernetes cluster. The tool will authenticate to the kubernetes cluster using the existing kubeconfig file.
Then an API Key must be created from OpenAI via this link. K8sGPT will analyze your cluster using this key, but the point to be considered here is that OpenAI provides this service for a fee. Therefore, you must have sufficient funds in your account.
Note: You can create an API key and run tests by uploading at least 5 dollars to your account. As you use K8sGPT, the usage will decrease in your balance.
https://platform.openai.com/api-keys
Generate the token from the backend with the following command.
k8sgpt generateThen, using the command below, the API key you received from OpenAI is added to the K8sGPT config.
k8sgpt auth add --backend openai --model gpt-3.5-turboAfter completing these steps, you can start using k8sgpt commands.
As an example, let’s create a misconfigured pod in kubernetes cluster as below. We save the following yaml file as broken-pod.yaml.
apiVersion: v1
kind: Pod
metadata:
name: broken-pod
namespace: default
spec:
containers:
- name: broken-pod
image: nginx:1.3.b
livenessProbe:
httpGet:
path: /
port: 81
initialDelaySeconds: 3
periodSeconds: 3As you will notice, we intentionally entered the image tag wrong in this yaml file.
Then we create this pod under the default namespace with the following command.
kubectl apply -f broken-pod.yamlThen we see that the pod we created with the kubectl get pods command gives an error because it cannot pull the image.
kubectl get pods -n default
After this stage, we can now start analyzing our cluster with K8sGPT.
k8sgpt analyzeand we will get an output similar to the following.
If you want more details about the problem and help in solving it, you can run the following command.
k8sgpt analyze --explainYou will get an output similar to the one below.
Integration with Trivy
Trivy is an open source software that scans the vulnerabilities in your system and presents them in a report.
With K8sGPT’s trivy integration, you can easily detect vulnerabilities in your kubernetes cluster and get detailed reports about these vulnerabilities and solutions.
You can activate trivy integration with the command below. This command will also automatically install trivy with helm in the existing namespace.
k8sgpt integration activate trivyAfter the Trivy integration is activated, you can report the vulnerabilities in your cluster with all the details by using K8sGPT’s filtering feature.
k8sgpt analyze --explain --filter VulnerabilityReport
If you want to deactivate the Trivy integration, you can use the following command.
k8sgpt integration deactivate trivyConclusion
K8sGPT is an application that can be of great benefit to DevOps and SRE engineers in detecting and reporting all problems at once, especially in large kubernetes clusters. The fact that it can also integrate with security applications such as Trivy will help in detecting and fixing security vulnerabilities.
Although it is not possible to scan for free due to the use of OpenAI’s API, it will make a great contribution to detecting and fixing problems in your Kubernetes cluster with very small costs.
You can access the github repository of the project from the link below.
