mkimuram / k8sviz Goto Github PK
View Code? Open in Web Editor NEWGenerate Kubernetes architecture diagrams from the actual state in a namespace
License: Apache License 2.0
Generate Kubernetes architecture diagrams from the actual state in a namespace
License: Apache License 2.0
Great tool!
It'd be a bit more easy for me to use the script if I didn't have to be in the directory containing the script, as the path to the icons is hard-coded to be relative to pwd
.
When generating a diagram, it would be great to extend the resources fetch to filter/restrict restrict to a subset of resources within a single namespace, some examples of common labels/annotations where this could apply would be:
app.kubernetes.io/managed-by: my-cool-manager
app.kubernetes.io/name: my-cool-app
app.kubernetes.io/instance: the-best
app.kubernetes.io/component: server
While this in itself is trivial, (and this can be out of scope for this issue unless folks can think of specific pure k8s ones we need to handle), resource follow ups based on these labels is the only complicated part. Some examples of this may be in the case of TLS secret generation, for example in Openshift, also looking for annotations from the names of those resources we filtered to, such as:
service.beta.openshift.io/originating-service-name: my-cool-resource-service
Where the service my-cool-resource-service
had some matching label filter, such as one of those in example above. In my limited experience, this would apply to configmaps/secrets.
Input: ./k8sviz.sh -n myproject -t png -o default.png
Output:
Format: "png" not recognized. Use one of:
One of :
OS : Windows 10 Enterprise (1909)
uname -a
MINGW64_NT-10.0-18363 18T291 3.0.7-338.x86_64 2019-11-21 23:07 UTC x86_64 Msys
bash --version
GNU bash, version 4.4.23(1)-release (x86_64-pc-msys)
dot -V
dot - graphviz version 2.43.20200408.0903 (20200408.0903)
Hi.
I am trying to generate the deployment diagram from a namespace but the output for deployments contains all previous RS .
Output for one of deployment (extremely zoomed in):
The NS has multiple microservices (10+) and when 10+ generations are tracked in the output file, you can imagine the file contains many objects and only zooming in you can (somehow) see the individual objects (PNG output is worst, as icons and text are very small)
kube 17 and 18, same behavior.
Great tool! Thank you for the effort!
hi,
I get this error for only one namespace.
any idea what could be the cause.
my shell script which is loop through all namespaces is exiting because of this error. (my shell script has this: set -o errexit)
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x1157149]
goroutine 1 [running]:
main.toDot(0x7ffd844c7f21, 0xc, 0xc00018de88, 0x3)
/src/k8sviz.go:388 +0x1049
main.plotDotFile(0x7ffd844c7f21, 0xc, 0x7ffd844c7f38, 0x37, 0x7ffd844c7f31, 0x3, 0xc00006c6ef, 0xc00004c800)
/src/k8sviz.go:264 +0x11d
main.main()
/src/k8sviz.go:241 +0x95
Hi
is it possible to add ingress also ?
Hi, this looks really helpful. Can this be supported for k3d. Could be very useful for development as many setups use k3d instead of kubernetes.
P.s.: running this on k3d with Docker Desktop on Mac doesn't generate the file.
I get the following error when running ./k8sviz.sh -n mynamespace -o test.png
Unable to find image 'diagram:latest' locally
docker: Error response from daemon: pull access denied for diagram, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
When you connect to an Azure Kubernetes Service (AKS) cluster through Azure CLI using az aks get-credentials
, the ~/.kube/config
file will use kubelogin
in the command
resulting in the following error:
$ ./k8sviz.sh
Unable to find image 'mkimuram/k8sviz:0.3.4' locally
0.3.4: Pulling from mkimuram/k8sviz
e95f33c60a64: Pull complete
088e93cd104e: Pull complete
958b7c45c0e1: Pull complete
dc0b27e2e540: Pull complete
Digest: sha256:abe3a75529e31d5e1d4065fb3d7f98d8329e6db583cb4e2e2e9eb25be691b797
Status: Downloaded newer image for mkimuram/k8sviz:0.3.4
Failed to get namespace "default": Get "https://aks-my-cluster-dns-68fac263.hcp.eastus.azmk8s.io:443/api/v1/namespaces/default": getting credentials: exec: executable kubelogin not found
NOTE: This behaviour is the same when using kubectl
.
I ended up just downloading kubelogin
locally and then updating the Dockerfile
and added it to the image and PATH
. The code is not worth sharing.
bash returns error and cannot generate .png from .out file
$ ./k8sviz.sh -n default -t png -o default.png
./k8sviz.sh: line 15: declare: -A: invalid option
declare: usage: declare [-afFirtx] [-p] [name[=value] ...]
./k8sviz.sh: line 16: declare: -A: invalid option
declare: usage: declare [-afFirtx] [-p] [name[=value] ...]
$ ls k8sviz.out
k8sviz.out
My bash environment is as follows.
$ bash --version
GNU bash, バージョン 5.0.16(1)-release (x86_64-apple-darwin18.7.0)
Copyright (C) 2019 Free Software Foundation, Inc.
ライセンス GPLv3+: GNU GPL バージョン 3 またはそれ以降 <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Executing k8sviz for a kubernetes 1.22 cluster results in the following error
Failed to get k8s resources: failed to get ingresses in namespace "default": the server could not find the requested resource (get ingresses.extensions)
https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/
API removals for Kubernetes v1.22
The v1.22 release will stop serving the API versions we've listed immediately below. These are all beta APIs that were previously deprecated in favor of newer and more stable API versions.
Very cool project!
Suggestion: wrap up the dependencies as a docker container, so someone can run it via docker run
Similar to issue #49 , but for AWS EKS.
When you connect to an Elastic Kubernetes Service (EKS) cluster using IAM and an SSO provider, the ~/.kube/config file will use aws-iam-authenticator in the command resulting in the following error:
$ ./k8sviz.sh
...
getting credentials: exec: executable aws-iam-authenticator not found
I added these commands to the Dockerfile locally, referencing the AWS instructions here: https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
diff --git a/Dockerfile b/Dockerfile
index daeade8..b0f71de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,11 +16,17 @@ FROM vanilla AS aws
RUN apk add --no-cache \
python3 \
py3-pip \
+ curl \
&& pip3 install --upgrade pip \
&& pip3 install \
awscli \
&& rm -rf /var/cache/apk/*
+RUN curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 \
+ && chmod +x ./aws-iam-authenticator \
+ && mv ./aws-iam-authenticator /bin/aws-iam-authenticator
+
+
FROM vanilla AS gcloud
RUN apk add --no-cache \
python3 \
However, this is not enough for my host's kube config to be used - it needs cached credentials from the .kube directory, in addition to the ~/.kube/config
file. So I changed the docker run command to mount the config directory in its entirety:
diff --git a/k8sviz.sh b/k8sviz.sh
index 014d28d..b1fa26a 100755
--- a/k8sviz.sh
+++ b/k8sviz.sh
@@ -69,7 +69,7 @@ fi
docker run --network host \
--user $(id -u):$(id -g) \
-v ${ABSDIR}:/work \
- -v ${KUBECONFIG}:/config:ro \
+ -v ${ABSKUBEDIR}:/.kube:ro \
-it --rm ${FLAGS_image} \
- /k8sviz -kubeconfig /config \
+ /k8sviz -kubeconfig /.kube/${KUBEFILE} \
-n ${FLAGS_namespace} -t ${FLAGS_type} -o /work/${FILENAME}
After this, I am successfully able to run k8sviz from my local machine!
It would be neat if the generator could create Kdl (k8s description language)
https://cloud.redhat.com/blog/kdl-notation-kubernetes-app-deploy
No matter what namespace I try, I always get the following error:
`$ bin/k8sviz -n default
Failed to get k8s resources: failed to get cronjobs in namespace "default": the server could not find the requested resource
`
Adding multiple namespaces support.
Would it be possible to add port number annotations where relevant, it would make the diagrams much more useful.
Congrats on this awesome project!
Would be nice to have HPA (Horizontal Pod Autoscaler) support as well :)
Thanks!
Cause with helm & flux, the flow is roughly gitrepo -> kustomization -> helmrelease -> helmchart -> resources, it would be great to be able to automatically visualize that
In the line with #29
RUN apk add --no-cache \
python3 \
py3-pip \
&& pip3 install --upgrade pip \
&& pip3 install \
awscli \
&& rm -rf /var/cache/apk/*
It seems the current approach to tracking release tags is based on the docker images, can the same tags be reflected on the repository? This helps those that are building a binary and need to reference a specific release.
Failed to output "k8sviz_test.png" file with format "png" for namespace "kube-system": failed to create dot file: stderr: , err: exec: "dot": executable file not found in %PATH%
After generating the dot file successfully, dot cannot interpret the file to generate any other output format and errors with the line:
Error: diagram.dot: syntax error in line xx near '{'
The error refers to the first line beginning with "_" in the following block:
// dummy edge to order ranks correctly.
0 -> 1 -> 2 -> 3 -> 4 [style=invis];
// Edges between pod and its managed resource
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"grafana_767c5487d6","uid":"e2006273_66b3_4485_8cf8_fba44903d202"}] -> pod_grafana_767c5487d6_52s72 [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"istio_ingressgateway_5bc9ccddd9","uid":"8765dd88_c3f2_4940_a2a1_83d9e7490300"}] -> pod_istio_ingressgateway_5bc9ccddd9_f7dcj [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"istiod_ff5d57b77","uid":"0a6c0f5d_ca84_4ca2_8c9d_e5832983086c"}] -> pod_istiod_ff5d57b77_2vf9v [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"jaeger_566c547fb9","uid":"30386026_f652_41b5_9969_10dde89e3b82"}] -> pod_jaeger_566c547fb9_48c58 [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"kiali_89fd7f87b","uid":"d90911d9_11e0_4d6a_9a35_f2ac0f675345"}] -> pod_kiali_89fd7f87b_hfcts [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"prometheus_788c945c9c","uid":"625678c1_2c0f_4d5c_8b68_e02a09a6f3e1"}] -> pod_prometheus_788c945c9c_jrmtp [style=dashed];
// Edges between rs and its managed resource
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"grafana","uid":"f8ebc5ac_f4ae_40c3_bafc_6eb98f9b17d4"}] -> rs_grafana_767c5487d6 [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istio_ingressgateway","uid":"d7d7bfdb_f9c4_4c16_b1e8_7b1d0ef718db"}] -> rs_istio_ingressgateway_5bc9ccddd9 [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istio_ingressgateway","uid":"d7d7bfdb_f9c4_4c16_b1e8_7b1d0ef718db"}] -> rs_istio_ingressgateway_6f8778ff6f [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istio_ingressgateway","uid":"d7d7bfdb_f9c4_4c16_b1e8_7b1d0ef718db"}] -> rs_istio_ingressgateway_86f88b6f6 [style=dashed];
_[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istiod","uid":"f088073a_ff7d_44cd_aff2_eaf180901856"}] -> rs_istiod_5d4798c786 [style=dashed];
If I comment out all the lines beginning with "_", then the diagram compiles. What was the intended code for this block?
Default namespace for shell is default
but the one for go binary is namespace
and namespace namespace
isn't usually works. So, both of them should be default
.
Failed to create task for container: failed to create shim task: OCI runtime create failed run create failed unable to start container process exec C:/Program Files/ Git/k8sviz: C:/Program Files/Git/k8sviz no such file or directory
Os windows 11
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x1191b3a]
goroutine 1 [running]:
github.com/mkimuram/k8sviz/pkg/graph.(*Graph).genIngSvcRef(0xc000609480)
/home/centos/k8sviz/pkg/graph/graph.go:401 +0xda
github.com/mkimuram/k8sviz/pkg/graph.(*Graph).generateEdges(0xc000609480)
/home/centos/k8sviz/pkg/graph/graph.go:233 +0xef
github.com/mkimuram/k8sviz/pkg/graph.(*Graph).generate(0xc?)
/home/centos/k8sviz/pkg/graph/graph.go:111 +0x32
github.com/mkimuram/k8sviz/pkg/graph.NewGraph(0xc00043ce80, {0xc00032bad0, 0x20})
/home/centos/k8sviz/pkg/graph/graph.go:28 +0x345
main.main()
/home/centos/k8sviz/cmd/k8sviz/main.go:100 +0x13d
Adding CronJob support.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.