To learn different Kubectl Plugins via Krew Plugin Manager
To manage and operate different Kubernetes-related tasks, kubectl is one of the handiest and most powerful tools to be used. With its core features, we can do various tasks like creating pod resources, listing them, and so on.
But sometimes Kubernetes-admin and users might need to perform tasks that core features of kubectl can’t do like to visualize the RBAC roles of the cluster to understand it more properly, switch between different contexts, and namespaces easily, and so on.
So, to solve this, kubectl plugins got introduced which will extend the functionality of kubectl, and to manage these plugins krew, a plugin manager is used.
About Krew
Krew is a plugin manager for kubectl. Krew helps you discover plugins, install and manage them on your machine. It is similar to tools like apt, helm, or any other package manager.
Lab With Krew Plugin Manager
As we triggered the lab through the LAB SETUP button, a terminal, and an IDE comes for us which already have a Kubernetes cluster running in them. This can be checked by running the kubectl get nodes command.
kubectl get nodes -o wide
Installation of Krew
- Krew can be installed in different ways according to the types of systems. Check the installation through
kubectl krew
- Check more details about Krew, as Krew itself is a kubectl plugin that can be updated through Krew (self-hosts)
kubectl krew version
- List out the plugins available through Krew
kubectl krew search
Different Kubectl Plugins
KUBECTX
It is a plugin that helps in switching between multiple contexts quickly.
- Installing kubectx through Krew
kubectl krew install ctx
- To list all the contexts
kubectl ctx
kubectl ctx --help
KUBENS
It is a plugin that helps in switching between Kubernetes namespaces easily.
- Installing kubens through Krew
kubectl krew install ns
- To list all the namespaces of the cluster
kubectl ns
kubectl ns --help
- To get the current namespace in the current context
kubectl ns -c
EXAMPLE
It is a plugin useful for retrieving resource example/template YAMLs, like config map or anything.
- Installing example through Krew
kubectl krew install example
- To get a template for ingress
kubectl example ingress
- To get a template for configmap
kubectl example configmap
IMAGES
It is a plugin useful for listing out all images in the cluster. It first calls kubectl get pods to retrieve pod details and then filters out the container images from it and present them in a table form.
- Installing images through Krew
kubectl krew install images
kubectl images --help
- To get all the images present in the
kube-systemnamespace
kubectl images -n kube-system
TREE
A kubectl plugin to explore ownership relationships between Kubernetes objects through ownersReferences to them. In simple words, a kubectl plugin to browse Kubernetes object hierarchies as a tree
- Installing tree through Krew
kubectl krew install tree
- First, create a nginx deployment and apply a tree to it
kubectl create deploy nginx-deploy --image=nginx:alpine --replicas=3
kubectl get deployments
kubectl tree deployment nginx-deploy
- Update the nginx image in the deployment and then again apply tree on it
kubectl set image deployment/nginx-deploy nginx=nginx:latest
kubectl tree deployment nginx-deploy
- Check the replica sets and delete the existing deployment
kubectl get rs
kubectl delete deploy nginx-deploy
POPEYE
It is a known Kubernetes cluster sanitizer that scans live Kubernetes clusters and reports potential issues with deployed resources and configurations.
- Installing popeye through Krew
kubectl krew install popeye
kubectl popeye --help
- Create an Nginx pod and then apply the popeye plugin to it.
apiVersion: v1
kind: Pod
metadata:
name: mypod
labels:
app: nginx
spec:
containers:
- name: nginx-demo
image: nginx:alpine
ports:
- containerPort: 80kubectl create -f pod.yaml
- Apply the popeye plugin on the
defaultnamespace.
kubectl popeye -n default
VIEW-ALLOCATIONS
It is a kubectl plugin that lists allocations for resources (CPU, memory, GPU,…) as defined in the manifest of nodes and running pods.
- Installing view-allocations through Krew
kubectl krew install view-allocations
kubectl view-allocations --help
- To view allocations, group it by namespace
kubectl get ns
kubectl view-allocations -g namespace
SCORE
It is a plugin that performs static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient.
- Installing score through Krew
kubectl krew install score
kubectl score --help
- First, create a nginx deployment and then apply a score on it.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80kubectl apply -f deployment.yaml
kubectl score score deployment.yaml
ACCESS-MATRIX
It shows an RBAC access matrix for server resources which means what operations can be done on these roles.
- Install access-matrix through Krew
kubectl krew install access-matrix
- Get access-matrix for resources in the
defaultnamespace
kubectl access-matrix --namespace default
RBAC-TOOL
A collection of Kubernetes RBAC tools to simplify Kubernetes RBAC complexity which means it can analyze, visualize, do lookup, etc.
- Install rbac-tool through Krew
kubectl krew install rbac-tool
kubectl rbac-tool --help
- To get a visualization of RBAC which will be stored in
.htmlfile
kubectl rbac-tool visualize
- To analyze the permissions applied
kubectl rbac-tool analysis
WHO-CAN
It shows which subjects have RBAC permissions to perform actions on different resources in Kubernetes.
- Install who-can through Krew
kubectl krew install who-can
kubectl who-can --help
- To see who can retrieve and view pods
kubectl who-can get pods
- It shows who has full access to pods
kubectl who-can '*' pods
WHOAMI
It shows the subject that’s currently authenticated as means what role one has assigned.
- Install whoami through Krew
kubectl krew install whoami
- To get the subject and its role
kubectl whoami
kubectl config view
What Next?
As we have seen about what is krew and how to work with it for kubectl plugins. Next, we can also write our own kubectl plugins and expose them to krew-index also about which you can find out here.
Conclusion
In this blog, we saw about krew and explored different kubectl plugins with krew.
