Kubepug is a program that helps you on your journey migrating between Kubernetes versions.
Kubepug
Kubepug is a Kubernetes migration tool designed to help users identify and address API deprecations and deletions when upgrading between Kubernetes versions. It simplifies the process of ensuring compatibility by scanning clusters or manifest files against specified target versions.
Key Features:
Cluster and Manifest Analysis: Kubepug can analyze both running clusters and sets of manifest files to detect deprecated or deleted APIs.
Target Version Specification: Users can specify the target Kubernetes version to validate objects against, aiding in proactive migration planning.
Replacement API Identification: The tool provides guidance on replacing deprecated APIs with their recommended alternatives.
Deprecation Timeline Alerts: Kubepug informs users about when an API was deprecated or deleted relative to the target cluster version.
CI/CD Integration: It can be seamlessly integrated into CI pipelines, ensuring that Kubernetes manifests are validated before deployment.
Air-Gapped Environment Support: For secure environments without internet access, Kubepug supports using a locally stored data.json file for API deprecation information.
Installable via winget: Kubepug can be installed on Windows systems using the winget package manager.
Audience & Benefit:
Ideal for Kubernetes administrators, developers, and DevOps engineers responsible for cluster migrations or resource management. Kubepug ensures smooth upgrades by identifying potential issues early, guiding replacements, preventing operational disruptions, and maintaining compliance with Kubernetes API best practices.
README
Deprecations AKA KubePug - Pre UpGrade (Checker)
KubePug/Deprecations is intended to be a kubectl plugin, which:
Downloads a generated data.json file containing API deprecation information for a specified release of Kubernetes
Scans a running Kubernetes cluster to determine if any objects will be affected by deprecation
Displays affected objects to the user
Features
Can run against a Kubernetes cluster, using kubeconfig or the current cluster
Can run against a different set of manifest/files
Allows specifying the target Kubernetes version to be validated
Provides the replacement API that should be used
Informs the version that the API was deprecated or deleted, based on the target cluster version
How to use it as a krew plugin
Just run kubectl krew install deprecations
How to use it with Helm
If you want to verify the generated manifests by Helm, you can run the program as following:
After that, the command can be used just as kubectl, but with the following flags:
$ kubepug --help
[...]
Flags:
--as-uid string UID to impersonate for the operation.
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--database string Sets the generated database location. Can be remote file or local (default "https://kubepug.xyz/data/data.json")
--disable-compression If true, opt-out of response compression for all requests to the server
--error-on-deleted If a deleted object is found, the program will exit with return code 1 instead of 0. Defaults to false
--error-on-deprecated If a deprecated object is found, the program will exit with return code 1 instead of 0. Defaults to false
--filename string Name of the file the results will be saved to, if empty it will display to stdout
--format string Format in which the list will be displayed [stdout, plain, json, yaml] (default "stdout")
-h, --help help for kubepug
--input-file string Location of a file or directory containing k8s manifests to be analized
--k8s-version string Which kubernetes release version (https://github.com/kubernetes/kubernetes/releases) should be used to validate objects. Defaults to master (default "master")
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
-v, --verbosity string Log level: debug, info, warn, error, fatal, panic (default "warning")
You can check the status of a running cluster with the following command.
$ kubepug --k8s-version=v1.22 # Will verify the current context against v1.22 version
[...]
RESULTS:
Deprecated APIs:
PodSecurityPolicy found in policy/v1beta1
├─ Deprecated at: 1.21
├─ PodSecurityPolicy governs the ability to make requests that affect the Security Contextthat will be applied to a pod and container.Deprecated in 1.21.
-> OBJECT: restrictive namespace: default
Deleted APIs:
APIs REMOVED FROM THE CURRENT VERSION AND SHOULD BE MIGRATED IMMEDIATELY!!
Ingress found in extensions/v1beta1
├─ Deleted at: 1.22
├─ Replacement: networking.k8s.io/v1/Ingress
├─ Ingress is a collection of rules that allow inbound connections to reach theendpoints defined by a backend. An Ingress can be configured to give servicesexternally-reachable urls, load balance traffic, terminate SSL, offer namebased virtual hosting etc.DEPRECATED - This group version of Ingress is deprecated by networking.k8s.io/v1beta1 Ingress. See the release notes for more information.
-> OBJECT: bla namespace: blabla
The data.json from https://kubepug.xyz/data/data.json will be used
All YAML files (excluding subdirectories) will be verified
The program will exit with an error if deprecated or deleted objects are found.
Air-gapped environment
This happens when you have a secure environment that does not have an internet connectivity.
The data.json file is generated every hour, based on the latest stable version of Kubernetes API.
You can download it from https://kubepug.xyz/data/data.json and move it to a safe location.
Then run kubepug pointing to the location of this file:
name: Sample CI Workflow
# This workflow is triggered on pushes to the repository.
on: [push]
env:
HELM_VERSION: "v3.9.0"
K8S_TARGET_VERSION: "v1.22.0"
jobs:
api-deprecations-test:
runs-on: ubuntu-latest
steps:
- name: Check-out repo
uses: actions/checkout@v2
- uses: azure/setup-helm@v1
with:
version: $HELM_VERSION
id: install
- uses: cpanato/kubepug-installer@v1.0.0
- name: Run Kubepug with your Helm Charts Repository
run: |
find charts -mindepth 1 -maxdepth 1 -type d | xargs -t -n1 -I% /bin/bash -c 'helm template % --api-versions ${K8S_TARGET_VERSION} | kubepug --error-on-deprecated --error-on-deleted --k8s-version ${K8S_TARGET_VERSION} --input-file /dev/stdin'
Screenshot
References
As I've used this project to learn Go and also some Kubernetes client-go some parts of this plugin are based in Caio Begotti's Pod-Tree, Ahmet Balkan kubectl-tree and Bitnami Kubecfg
