Exploring Kubectl Plugins

25 October 2021
RBAC
Kubectl
Plugins
kubernetes
Krew

To learn different Kubectl Plugins via Krew Plugin Manager

To manage and operate different Kubernetes-related tasks, kubectl is one of the handiest and most powerful tools to be used. With its core features, we can do various tasks like creating pod resources, listing them, and so on.

But sometimes Kubernetes-admin and users might need to perform tasks that core features of kubectl can't do like to visualize the RBAC roles of the cluster to understand it more properly, switch between different contexts, and namespaces easily, and so on.

So, to solve this, kubectl plugins got introduced which will extend the functionality of kubectl, and to manage these plugins krew, a plugin manager is used.

Lab Setup

You can start the lab setup by clicking on the Lab Setup button on the right side of the screen. Please note that there are app-specific URLs exposed specifically for the hands-on lab purpose.

Our lab has been set up with all necessary tools like base OS (Ubuntu), and developer tools like Git, Vim, wget, and others. 

About Krew

Krew is a plugin manager for kubectl. Krew helps you discover plugins, install and manage them on your machine. It is similar to tools like apt, helm, or any other package manager.

Lab With Krew Plugin Manager

As we triggered the lab through the LAB SETUP button, a terminal, and an IDE comes for us which already have a Kubernetes cluster running in them. This can be checked by running the kubectl get nodes command. 

kubectl get nodes -o wide

Installation of Krew

  •  Krew can be installed in different ways according to the types of systems. Check the installation through
kubectl krew
  • Check more details about Krew, as Krew itself is a kubectl plugin that can be updated through Krew (self-hosts)
kubectl krew version
  • List out the plugins available through Krew
kubectl krew search

Different Kubectl Plugins

KUBECTX

It is a plugin that helps in switching between multiple contexts quickly.  

  • Installing kubectx through Krew
kubectl krew install ctx
  • To list all the contexts 
kubectl ctx
kubectl ctx --help

KUBENS

  It is a plugin that helps in switching between Kubernetes namespaces easily.    

  • Installing kubens through Krew
kubectl krew install ns
  • To list all the namespaces of the cluster
kubectl ns
kubectl ns --help
  • To get the current namespace in the current context
kubectl ns -c

EXAMPLE

It is a plugin useful for retrieving resource example/template YAMLs, like config map or anything.

  • Installing example through Krew
kubectl krew install example
  • To get a template for ingress
kubectl example ingress
  • To get a template for configmap
kubectl example configmap

IMAGES

It is a plugin useful for listing out all images in the cluster. It first calls kubectl get pods to retrieve pod details and then filters out the container images from it and present them in a table form. 

  • Installing images through Krew
kubectl krew install images
kubectl images --help
  • To get all the images present in the kube-system namespace
kubectl images -n kube-system

TREE

A kubectl plugin to explore ownership relationships between Kubernetes objects through ownersReferences to them. In simple words, a kubectl plugin to browse Kubernetes object hierarchies as a tree

  • Installing tree through Krew
kubectl krew install tree
  • First, create a nginx deployment and apply a tree to it
kubectl create deploy nginx-deploy --image=nginx:alpine --replicas=3
kubectl get deployments
kubectl tree deployment nginx-deploy
  • Update the nginx image in the deployment and then again apply tree on it 
kubectl set image deployment/nginx-deploy nginx=nginx:latest
kubectl tree deployment nginx-deploy
  • Check the replica sets and delete the existing deployment
kubectl get rs
kubectl delete deploy nginx-deploy

POPEYE

It is a known Kubernetes cluster sanitizer that scans live Kubernetes clusters and reports potential issues with deployed resources and configurations.

  • Installing popeye through Krew
kubectl krew install popeye
kubectl popeye --help
Copy Code
Loading...
kubectl create -f pod.yaml
  • Apply the popeye plugin on the default namespace.
kubectl popeye -n default

VIEW-ALLOCATIONS

It is a kubectl plugin that lists allocations for resources (CPU, memory, GPU,...) as defined in the manifest of nodes and running pods.

  • Installing view-allocations through Krew
kubectl krew install view-allocations
kubectl view-allocations --help
  • To view allocations, group it by namespace
kubectl get ns
kubectl view-allocations -g namespace

SCORE

It is a plugin that performs static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient.

  • Installing score through Krew
kubectl krew install score
kubectl score --help
  • First, create a nginx deployment and then apply a score on it.
Copy Code
Loading...
kubectl apply -f deployment.yaml
kubectl score score deployment.yaml

ACCESS-MATRIX

It shows an RBAC access matrix for server resources which means what operations can be done on these roles.

  • Install access-matrix through Krew
kubectl krew install access-matrix
  • Get access-matrix for resources in the default namespace
kubectl access-matrix --namespace default

RBAC-TOOL

A collection of Kubernetes RBAC tools to simplify Kubernetes RBAC complexity which means it can analyze, visualize, do lookup, etc.  

  • Install rbac-tool through Krew
kubectl krew install rbac-tool
kubectl rbac-tool --help
  • To get a visualization of RBAC which will be stored in .html file
kubectl rbac-tool visualize
  • To analyze the permissions applied
kubectl rbac-tool analysis

WHO-CAN

It shows which subjects have RBAC permissions to perform actions on different resources in Kubernetes.

  • Install who-can through Krew
kubectl krew install who-can
kubectl who-can --help
  • To see who can retrieve and view pods
kubectl who-can get pods
  • It shows who has full access to pods
kubectl who-can '*' pods

WHOAMI

It shows the subject that's currently authenticated as means what role one has assigned.

  • Install whoami through Krew
kubectl krew install whoami
  • To get the subject and its role
kubectl whoami
kubectl config view

What Next?

As we have seen about what is krew and how to work with it for kubectl plugins. Next, we can also write our own kubectl plugins and expose them to krew-index also. About which you can find out here

Conclusion

In this hands-on lab, we saw about krew and explored different kubectl plugins with krew.

About the Author

Oshi Gupta

Oshi Gupta

DevOps Engineer & Technical Writer, CloudYuga

Oshi Gupta is a final year undergraduate student and currently working as an Intern at CloudYuga. She is working on Kubernetes and different cloud-native technologies. She also has been a student mentor for the Google Cloud Career Readiness program.