• What is Kubevious?
• Intro Video
• Live Demo
• Running Kubevious
• Running Kubevious Outside the Cluster
• Capabilities
• Community Posts, Reviews and Videos

What is Kubevious?

Kubevious (pronounced [kju:bvi:əs]) is open-source software that provides a usable and highly graphical interface for Kubernetes. Kubevious renders all configurations relevant to the application in one place. That saves a lot of time from operators, eliminating the need for looking up settings and digging within selectors and labels. Kubevious works with any Kubernetes distributions. Kubevious and can be used at any stage of the project.

Kubevious also provides hints to operators to avoid and identify configurational and operational errors.

Intro Video

See the collection of other demo videos: https://www.youtube.com/channel/UCTjfcEFrGjqtSGtry4ySUzQ

Live Demo

See our live demo running on a model cluster: https://demo.kubevious.io.

Running Kubevious

Kubevious works with any Kubernetes distribution and runs within the cluster. Deploy using Helm v3.2+:

kubectl create namespace kubevious

helm repo add kubevious https://helm.kubevious.io

helm upgrade --atomic -i kubevious kubevious/kubevious --version 0.8.15 -n kubevious

kubectl port-forward $(kubectl get pods -n kubevious -l "app.kubernetes.io/component=kubevious-ui" -o jsonpath="{.items[0].metadata.name}") 8080:80 -n kubevious 

Access from browser: http://localhost:8080

For more details on installation options visit Deployment Repository.

Running Kubevious Outside the Cluster

While Kubevious was made to run inside the cluster and monitor the cluster it lives in, Kubevious Portable version runs outside the cluster. Usually, that would happen on development machines from where operators would run kubectl commands. Kubevious Portable runs inside a single docker container. Kubevious Portable does not have Rule Executing and Time Machine capabilities and is meant for quick sanity check and visualization of Kubernetes clusters and applications. Kubevious Portable connects to clusters defined in kube-config files.

See instructions on running Kubevious Portable here.

Capabilities

• Cluster and Configs in an Application Centric View
• Detects Configuration Errors
• Write Your Own Validation Rules
• Identifies Blast Radius
• Full Text Search
• Perform Capacity Planning and Optimize Resource Usage
• Time Machine
• Radioactive & Overprivileged Workloads
• Correlated RBAC

Cluster and Configs in an Application Centric View

Even a simple Hello World app in Kubernetes produces dozens of objects. It takes a lot of time to fetch application relevant configurations.

Kubeviuos renders the entire Kubernetes cluster configuration in an application-centric graphical way. Kubevious identifies relevant Deployments, ReplicaSets, Pods, Services, Ingresses, Volumes, ConfigMaps, etc. and renders withing the application boxes.

The main screen is rendered using boxes. Every box is expandable (using double-click) and selectable. The right side panel includes properties and configurations associated with each box.

Detect Configuration Errors

Kubernetes follows a detached notion for configuration. It is super easy to have typos and errors when connecting components.

Kubevious identifies many configuration errors, such as misuse of labels, missing ports, and others. The red circle contains the number of errors within the subtree.

Write Your Own Validation Rules

Kubevious comes with an ability to support organizations needing additional rules beyond the built-in checks (such as label mismatch, missing port, misused or overused objects, etc.). It does that by allowing Kubernetes operators to define their own rules, and allowing organizations to enforce DevOps best practices without changing their existing release processes. The rules in Kubevious are continuously assured to be compliant to company policies and security postulates to be enforced. Rules are defined using a domain-specific JavaScript syntax to allow custom rules to be easily written and understood.

Learn more about defining your own rules here.

Identify Blast Radius

Configuration in Kubernetes is highly reusable. A small change can cause unintended consequences.

Kubevious identifies shared configurations and also displays other dependent objects. A single glance is enough to identify the cascading effects of a particular change.

Full Text Search

Looking for a particular configuration in Kubernetes haystack takes lots of time.

Kubevious supports full text across across entire cluster.

Perform Capacity Planning and Optimize Resource Usage

Clearly identify how much resources are taken by each container, pod, deployment, daemonset, namespace, etc.

Kubevious renders not only absolute resource request values, but also relative usage per node, namespace and entire cluster. Identify which apps take most resources within the namespace.

Time Machine

With ever changing configuration it is hard to keep track and identify the source of the problem.

Kubvious allows you to travel back in time and navigate configuration as well as errors. See time machine in action here: https://youtu.be/Zb5ZIJEHONU

Radioactive & Overprivileged Workloads

Granting excessive control to workloads not only increases the risk of being hacked but also affects the stability of nodes and the entire cluster.

Kubevious marks workloads and their corresponding namespaces as radioactive. Specifically, it checks for privileged containers, hostPID, hostNetwork, hostIPC flags, and mounts to sensitive host locations like docker.sock file, etc.

Correlated RBAC

Things get messy when it comes to Kubernetes RBAC. There are too many indirections and links to navigate to identify permissions applied to pods.

Kubevious provides correlated view across Roles, Bindings, ServiceAccounts and Applications. Kubevious goes one step further and combines permissions across all relevant roles and presents them in a single role matrix.

Just like in case of ConfigMaps, the ServiceAccounts, Roles and Bindings can be marked with "Shared-By" flag. That would mean that the ServiceAccount, Role or Binding is used elsewhere, and any changes to would affect other applications as well.

Community Posts, Reviews and Videos

• Kubevious - Kubernetes GUI that's not so Obvious | DevOps by Bribe By Bytes
• A Walk Through the Kubernetes UI Landscape at 6:47 by Henning Jacobs & Joaquim Rocha @ KubeCon North America 2020
• Tool of the Day: more than a dashboard, kubevious gives you a labeled, relational view of everything running in your Kubernetes cluster by Adrian Goins @ Coffee and Cloud Native
• Kubevious: Kubernetes Dashboard That Isn't A Waste Of Time by Viktor Farcic @ The DevOps Toolkit Series
• Kubevious – a Revolutionary Kubernetes Dashboard by Kostis Kapelonis @ CodeFresh
• TGI Kubernetes 113: Kubernetes Secrets Take 3 at 17:54 by Joshua Rosso @ VMware
• Let us take a dig into Kubevious by Saiyam Pathak @ Civo Cloud
• Обзор графических интерфейсов для Kubernetes by Oleg Voznesensky @ Progress4GL
• Useful Interactive Terminal and Graphical UI Tools for Kubernetes by William Lam @ VMware

If you want your article describing the experience with Kubevious posted here, please submit a PR.

Authors

Everyone is welcome to contribute. See CONTRIBUTING for instructions on how to contribute.

License

Kubevious is an open source project licensed under the Apache License.