mkimuram / k8sviz Goto Github PK

In the line with #29

RUN apk add --no-cache \
        python3 \
        py3-pip \
    && pip3 install --upgrade pip \
    && pip3 install \
        awscli \
    && rm -rf /var/cache/apk/*

Executing k8sviz for a kubernetes 1.22 cluster results in the following error

Failed to get k8s resources: failed to get ingresses in namespace "default": the server could not find the requested resource (get ingresses.extensions)

https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/

API removals for Kubernetes v1.22
The v1.22 release will stop serving the API versions we've listed immediately below. These are all beta APIs that were previously deprecated in favor of newer and more stable API versions.

• [...]
• All beta Ingress APIs (the extensions/v1beta1 and networking.k8s.io/v1beta1 API versions)

After generating the dot file successfully, dot cannot interpret the file to generate any other output format and errors with the line:

Error: diagram.dot: syntax error in line xx near '{'

The error refers to the first line beginning with "_" in the following block:

    // dummy edge to order ranks correctly.
    0 -> 1 -> 2 -> 3 -> 4 [style=invis];
    // Edges between pod and its managed resource
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"grafana_767c5487d6","uid":"e2006273_66b3_4485_8cf8_fba44903d202"}] -> pod_grafana_767c5487d6_52s72 [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"istio_ingressgateway_5bc9ccddd9","uid":"8765dd88_c3f2_4940_a2a1_83d9e7490300"}] -> pod_istio_ingressgateway_5bc9ccddd9_f7dcj [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"istiod_ff5d57b77","uid":"0a6c0f5d_ca84_4ca2_8c9d_e5832983086c"}] -> pod_istiod_ff5d57b77_2vf9v [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"jaeger_566c547fb9","uid":"30386026_f652_41b5_9969_10dde89e3b82"}] -> pod_jaeger_566c547fb9_48c58 [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"kiali_89fd7f87b","uid":"d90911d9_11e0_4d6a_9a35_f2ac0f675345"}] -> pod_kiali_89fd7f87b_hfcts [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"prometheus_788c945c9c","uid":"625678c1_2c0f_4d5c_8b68_e02a09a6f3e1"}] -> pod_prometheus_788c945c9c_jrmtp [style=dashed];
    // Edges between rs and its managed resource
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"grafana","uid":"f8ebc5ac_f4ae_40c3_bafc_6eb98f9b17d4"}] -> rs_grafana_767c5487d6 [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istio_ingressgateway","uid":"d7d7bfdb_f9c4_4c16_b1e8_7b1d0ef718db"}] -> rs_istio_ingressgateway_5bc9ccddd9 [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istio_ingressgateway","uid":"d7d7bfdb_f9c4_4c16_b1e8_7b1d0ef718db"}] -> rs_istio_ingressgateway_6f8778ff6f [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istio_ingressgateway","uid":"d7d7bfdb_f9c4_4c16_b1e8_7b1d0ef718db"}] -> rs_istio_ingressgateway_86f88b6f6 [style=dashed];
    _[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"Deployment","name":"istiod","uid":"f088073a_ff7d_44cd_aff2_eaf180901856"}] -> rs_istiod_5d4798c786 [style=dashed];

If I comment out all the lines beginning with "_", then the diagram compiles. What was the intended code for this block?

No matter what namespace I try, I always get the following error:

`$ bin/k8sviz -n default

Failed to get k8s resources: failed to get cronjobs in namespace "default": the server could not find the requested resource
`

Adding multiple namespaces support.

Great tool!

It'd be a bit more easy for me to use the script if I didn't have to be in the directory containing the script, as the path to the icons is hard-coded to be relative to pwd.

When you connect to an Azure Kubernetes Service (AKS) cluster through Azure CLI using az aks get-credentials, the ~/.kube/config file will use kubelogin in the command resulting in the following error:

$ ./k8sviz.sh
Unable to find image 'mkimuram/k8sviz:0.3.4' locally
0.3.4: Pulling from mkimuram/k8sviz
e95f33c60a64: Pull complete
088e93cd104e: Pull complete
958b7c45c0e1: Pull complete
dc0b27e2e540: Pull complete
Digest: sha256:abe3a75529e31d5e1d4065fb3d7f98d8329e6db583cb4e2e2e9eb25be691b797
Status: Downloaded newer image for mkimuram/k8sviz:0.3.4
Failed to get namespace "default": Get "https://aks-my-cluster-dns-68fac263.hcp.eastus.azmk8s.io:443/api/v1/namespaces/default": getting credentials: exec: executable kubelogin not found

NOTE: This behaviour is the same when using kubectl.

I ended up just downloading kubelogin locally and then updating the Dockerfile and added it to the image and PATH. The code is not worth sharing.

Very cool project!

Suggestion: wrap up the dependencies as a docker container, so someone can run it via docker run

I get the following error when running ./k8sviz.sh -n mynamespace -o test.png

Unable to find image 'diagram:latest' locally
docker: Error response from daemon: pull access denied for diagram, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

I try to make a diagram via this tool.

it holds for 5 sec and finishes successfully but as a result, there is no output file

Hi.

I am trying to generate the deployment diagram from a namespace but the output for deployments contains all previous RS .
Output for one of deployment (extremely zoomed in):

The NS has multiple microservices (10+) and when 10+ generations are tracked in the output file, you can imagine the file contains many objects and only zooming in you can (somehow) see the individual objects (PNG output is worst, as icons and text are very small)

kube 17 and 18, same behavior.

Great tool! Thank you for the effort!

It would be neat if the generator could create Kdl (k8s description language)

https://cloud.redhat.com/blog/kdl-notation-kubernetes-app-deploy

When generating a diagram, it would be great to extend the resources fetch to filter/restrict restrict to a subset of resources within a single namespace, some examples of common labels/annotations where this could apply would be:

• app.kubernetes.io/managed-by: my-cool-manager
• app.kubernetes.io/name: my-cool-app
• app.kubernetes.io/instance: the-best
• app.kubernetes.io/component: server

While this in itself is trivial, (and this can be out of scope for this issue unless folks can think of specific pure k8s ones we need to handle), resource follow ups based on these labels is the only complicated part. Some examples of this may be in the case of TLS secret generation, for example in Openshift, also looking for annotations from the names of those resources we filtered to, such as:

service.beta.openshift.io/originating-service-name: my-cool-resource-service

Where the service my-cool-resource-service had some matching label filter, such as one of those in example above. In my limited experience, this would apply to configmaps/secrets.

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x1191b3a]

goroutine 1 [running]:
github.com/mkimuram/k8sviz/pkg/graph.(*Graph).genIngSvcRef(0xc000609480)
/home/centos/k8sviz/pkg/graph/graph.go:401 +0xda
github.com/mkimuram/k8sviz/pkg/graph.(*Graph).generateEdges(0xc000609480)
/home/centos/k8sviz/pkg/graph/graph.go:233 +0xef
github.com/mkimuram/k8sviz/pkg/graph.(*Graph).generate(0xc?)
/home/centos/k8sviz/pkg/graph/graph.go:111 +0x32
github.com/mkimuram/k8sviz/pkg/graph.NewGraph(0xc00043ce80, {0xc00032bad0, 0x20})
/home/centos/k8sviz/pkg/graph/graph.go:28 +0x345
main.main()
/home/centos/k8sviz/cmd/k8sviz/main.go:100 +0x13d

bash returns error and cannot generate .png from .out file

$ ./k8sviz.sh -n default -t png -o default.png
./k8sviz.sh: line 15: declare: -A: invalid option
declare: usage: declare [-afFirtx] [-p] [name[=value] ...]
./k8sviz.sh: line 16: declare: -A: invalid option
declare: usage: declare [-afFirtx] [-p] [name[=value] ...]

$ ls k8sviz.out
k8sviz.out

My bash environment is as follows.

$ bash --version
GNU bash, バージョン 5.0.16(1)-release (x86_64-apple-darwin18.7.0)
Copyright (C) 2019 Free Software Foundation, Inc.
ライセンス GPLv3+: GNU GPL バージョン 3 またはそれ以降 <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Failed to create task for container: failed to create shim task: OCI runtime create failed run create failed unable to start container process exec C:/Program Files/ Git/k8sviz: C:/Program Files/Git/k8sviz no such file or directory

Os windows 11

Congrats on this awesome project!

Would be nice to have HPA (Horizontal Pod Autoscaler) support as well :)

Thanks!

Would it be possible to add port number annotations where relevant, it would make the diagrams much more useful.

Hi, this looks really helpful. Can this be supported for k3d. Could be very useful for development as many setups use k3d instead of kubernetes.

P.s.: running this on k3d with Docker Desktop on Mac doesn't generate the file.

Hi

is it possible to add ingress also ?

hi,
I get this error for only one namespace.
any idea what could be the cause.
my shell script which is loop through all namespaces is exiting because of this error. (my shell script has this: set -o errexit)

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x1157149]

goroutine 1 [running]:
main.toDot(0x7ffd844c7f21, 0xc, 0xc00018de88, 0x3)
/src/k8sviz.go:388 +0x1049
main.plotDotFile(0x7ffd844c7f21, 0xc, 0x7ffd844c7f38, 0x37, 0x7ffd844c7f31, 0x3, 0xc00006c6ef, 0xc00004c800)
/src/k8sviz.go:264 +0x11d
main.main()
/src/k8sviz.go:241 +0x95

Default namespace for shell is default but the one for go binary is namespace and namespace namespace isn't usually works. So, both of them should be default.

Failed to output "k8sviz_test.png" file with format "png" for namespace "kube-system": failed to create dot file: stderr: , err: exec: "dot": executable file not found in %PATH%

Adding CronJob support.

Cause with helm & flux, the flow is roughly gitrepo -> kustomization -> helmrelease -> helmchart -> resources, it would be great to be able to automatically visualize that

It seems the current approach to tracking release tags is based on the docker images, can the same tags be reflected on the repository? This helps those that are building a binary and need to reference a specific release.

Similar to issue #49 , but for AWS EKS.

When you connect to an Elastic Kubernetes Service (EKS) cluster using IAM and an SSO provider, the ~/.kube/config file will use aws-iam-authenticator in the command resulting in the following error:

$ ./k8sviz.sh
...
getting credentials: exec: executable aws-iam-authenticator not found

I added these commands to the Dockerfile locally, referencing the AWS instructions here: https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html

diff --git a/Dockerfile b/Dockerfile
index daeade8..b0f71de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,11 +16,17 @@ FROM vanilla AS aws
 RUN apk add --no-cache \
         python3 \
         py3-pip \
+        curl \
     && pip3 install --upgrade pip \
     && pip3 install \
         awscli \
     && rm -rf /var/cache/apk/*

+RUN curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 \
+    && chmod +x ./aws-iam-authenticator \
+    && mv ./aws-iam-authenticator /bin/aws-iam-authenticator
+
+
 FROM vanilla AS gcloud
 RUN apk add --no-cache \
         python3 \

However, this is not enough for my host's kube config to be used - it needs cached credentials from the .kube directory, in addition to the ~/.kube/config file. So I changed the docker run command to mount the config directory in its entirety:

diff --git a/k8sviz.sh b/k8sviz.sh
index 014d28d..b1fa26a 100755
--- a/k8sviz.sh
+++ b/k8sviz.sh
@@ -69,7 +69,7 @@ fi
 docker run --network host                                    \
   --user $(id -u):$(id -g)                                   \
   -v ${ABSDIR}:/work                                         \
-  -v ${KUBECONFIG}:/config:ro                                \
+  -v ${ABSKUBEDIR}:/.kube:ro                                  \
   -it --rm ${FLAGS_image}                                    \
-  /k8sviz -kubeconfig /config                                \
+  /k8sviz -kubeconfig /.kube/${KUBEFILE}                      \
   -n ${FLAGS_namespace} -t ${FLAGS_type} -o /work/${FILENAME}

After this, I am successfully able to run k8sviz from my local machine!

Actual behaviour

Input: ./k8sviz.sh -n myproject -t png -o default.png

Output:

Format: "png" not recognized. Use one of:

Expected behaviour

One of :

1. Print supported types
2. Just works :)

Configuration

• OS : Windows 10 Enterprise (1909)

• uname -a

MINGW64_NT-10.0-18363 18T291 3.0.7-338.x86_64 2019-11-21 23:07 UTC x86_64 Msys

• bash --version

GNU bash, version 4.4.23(1)-release (x86_64-pc-msys)

• dot -V

dot - graphviz version 2.43.20200408.0903 (20200408.0903)