Kubevious (pronounced [kju:bvi:əs]) is open-source software that provides a usable and highly graphical interface for Kubernetes. Kubevious renders all configurations relevant to the application in one place. That saves a lot of time from operators, eliminating the need for looking up settings and digging within selectors and labels. Kubevious works with any Kubernetes distributions. Kubevious and can be used at any stage of the project.
Kubevious also provides hints to operators to avoid and identify configurational and operational errors.
See the collection of other demo videos: https://www.youtube.com/channel/UCTjfcEFrGjqtSGtry4ySUzQ
See our live demo running on a model cluster: https://demo.kubevious.io.
Kubevious works with any Kubernetes distribution and runs within the cluster. Deploy using Helm v3:
kubectl create namespace kubevious
helm repo add kubevious https://helm.kubevious.io
helm upgrade --atomic -i kubevious kubevious/kubevious --version 0.5.9 -n kubevious
kubectl port-forward $(kubectl get pod -l k8s-app=kubevious-ui -n kubevious -o jsonpath="{.items[0].metadata.name}") 3000:3000 -n kubeviousAccess from browser: http://localhost:3000
For more details on installation options visit Deployment Repository.
- Visualizes Cluster In An Application Centric Way
- Detects Configuration Errors
- Identifies Blast Radius
- Enables Full Text Search
- Capacity Planning and Resource Usage Optimization
- Radioactive & Overprivileged Workloads
- Time Machine
- Correlated RBAC
Even a simple Hello World app in Kubernetes produces dozens of objects. It takes a lot of time to fetch application relevant configurations.
Kubeviuos renders the entire Kubernetes cluster configuration in an application-centric graphical way. Kubevious identifies relevant Deployments, ReplicaSets, Pods, Services, Ingresses, Volumes, ConfigMaps, etc. and renders withing the application boxes.
The main screen is rendered using boxes. Every box is expandable (using double-click) and selectable. The right side panel includes properties and configurations associated with each box.
Kubernetes follows a detached notion for configuration. It is super easy to have typos and errors when connecting components.
Kubevious identifies many configuration errors, such as misuse of labels, missing ports, and others. The red circle contains the number of errors within the subtree.
Configuration in Kubernetes is highly reusable. A small change can cause unintended consequences.
Kubevious identifies shared configurations and also displays other dependent objects. A single glance is enough to identify the cascading effects of a particular change.
Looking for a particular configuration in Kubernetes haystack takes lots of time.
Kubevious supports full text across across entire cluster.
Clearly identify how much resources are taken by each container, pod, deployment, daemonset, namespace, etc.
Kubevious renders not only absolute resource request values, but also relative usage per node, namespace and entire cluster. Identify which apps take most resources within the namespace.
Granting excessive control to workloads not only increases the risk of being hacked but also affects the stability of nodes and the entire cluster.
Kubevious marks workloads and their corresponding namespaces as radioactive. Specifically, it checks for privileged containers, hostPID, hostNetwork, hostIPC flags, and mounts to sensitive host locations like docker.sock file, etc.
With ever changing configuration it is hard to keep track and identify the source of the problem.
Kubvious allows you to travel back in time and navigate configuration as well as errors. See time machine in action here: https://youtu.be/Zb5ZIJEHONU
Things get messy when it comes to Kubernetes RBAC. There are too many indirections and links to navigate to identify permissions applied to pods.
Kubevious provides correlated view across Roles, Bindings, ServiceAccounts and Applications. Kubevious goes one step further and combines permissions across all relevant roles and presents them in a single role matrix.
Just like in case of ConfigMaps, the ServiceAccounts, Roles and Bindings can be marked with "Shared-By" flag. That would mean that the ServiceAccount, Role or Binding is used elsewhere, and any changes to would affect other applications as well.
Everyone is welcome to contribute. See CONTRIBUTING for instructions on how to contribute.
Kubevious is an open source project licensed under the Apache License.