Published: Sep 14, 2023 by Isaac Johnson
I had a list of solid Open-Source Kubernetes CLI tools I wanted to check out filling my backlog. I decided it would be a good blog post to fire through the lot of them to see how they did looking at various Kubernetes clusters and resources.
I'll do a walkthrough on KDash, KTop and K1s, which is also the order I would give them on features and size. I'll also set up and run Popeye, which can dig into cluster health, security and waste details (it bills itself as "A Kubernetes Cluster Sanitizer").
KDash
I noted KDash a while back as a tool I really wanted to try out. How might it compare to k9s, which I already use on the regular?
Installation
We just need to add the Kdash tap and brew install on WSL/Linux
builder@LuiGi17:~/Workspaces/jekyll-blog$ brew tap kdash-rs/kdash
Running `brew update --auto-update`...
==> Tapping kdash-rs/kdash
Cloning into '/home/linuxbrew/.linuxbrew/Homebrew/Library/Taps/kdash-rs/homebrew-kdash'...
remote: Enumerating objects: 165, done.
remote: Counting objects: 100% (165/165), done.
remote: Compressing objects: 100% (85/85), done.
remote: Total 165 (delta 42), reused 162 (delta 39), pack-reused 0
Receiving objects: 100% (165/165), 19.57 KiB | 3.91 MiB/s, done.
Resolving deltas: 100% (42/42), done.
Tapped 1 formula (14 files, 100.2KB).
builder@LuiGi17:~/Workspaces/jekyll-blog$ brew install kdash
==> Fetching kdash-rs/kdash/kdash
==> Downloading https://github.com/kdash-rs/kdash/releases/download/v0.4.2/kdash-linux-musl.tar.gz
==> Downloading from https://objects.githubusercontent.com/github-production-release-asset-2e65be/357436262/e96fb562-4155-4f4d-91ed-1a8e6351bda9?X-Amz-Algorithm=AWS4-HM
################################################################################################################################################################# 100.0%
==> Installing kdash from kdash-rs/kdash
==> You're done! Run with "kdash"
==> For runtime flags, see "kdash --help"
🍺 /home/linuxbrew/.linuxbrew/Cellar/kdash/v0.4.2: 3 files, 9.9MB, built in 1 second
==> Running `brew cleanup kdash`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
I'm external to my network presently, so I can hit it on the current IP provided I skip TLS checks
builder@LuiGi17:~/Workspaces/jekyll-blog$ kubectl get nodes --insecure-skip-tls-verify
NAME STATUS ROLES AGE VERSION
isaac-macbookair Ready control-plane,master 413d v1.23.9+k3s1
builder-hp-elitebook-850-g1 Ready <none> 413d v1.23.9+k3s1
hp-hp-elitebook-850-g2 Ready <none> 413d v1.23.9+k3s1
builder-hp-elitebook-850-g2 Ready <none> 405d v1.23.9+k3s1
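An added example (not from the original post): the same connection written as kubeconfig cluster entries, with the skip-verification setting beside a verified alternative. It assumes the check fails only because the external IP is not among the API server certificate's subject alternative names; the entry names, the 203.0.113.10 address, the `kubernetes` server name and the credential placeholders are constructed.

```yaml
# Constructed kubeconfig for illustration; names, address and credentials
# are placeholders, not values from the cluster in this post.
apiVersion: v1
kind: Config
clusters:
  # Weak: the kubeconfig form of `kubectl --insecure-skip-tls-verify`.
  # The server certificate is not checked at all, so the client cannot tell
  # the real API server from anything else answering on that IP, and its
  # credentials go to whichever endpoint completes the handshake.
  # (kubectl refuses to combine this setting with a CA, so it is all or nothing.)
  - name: k3s-external-unverified
    cluster:
      server: https://203.0.113.10:6443
      insecure-skip-tls-verify: true

  # Corrected: still dials the external IP, but validates the certificate
  # chain against the cluster CA and matches the certificate against a name
  # it really contains instead of the IP in `server`.
  - name: k3s-external-verified
    cluster:
      server: https://203.0.113.10:6443
      certificate-authority-data: <base64 of the cluster CA certificate>
      # Assumption: `kubernetes` is listed in the serving certificate's SANs.
      # Use any DNS name that is actually present in that list.
      tls-server-name: kubernetes
contexts:
  - name: external-unverified
    context: {cluster: k3s-external-unverified, user: builder}
  - name: external-verified
    context: {cluster: k3s-external-verified, user: builder}
current-context: external-verified
users:
  - name: builder
    user:
      token: <redacted bearer token>
```

The one-off equivalent is `kubectl get nodes --tls-server-name kubernetes` against a kubeconfig that already carries the CA. On k3s the server-side fix is to add the external name or address to the certificate with `--tls-san`, so no client override is needed.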
Usage
Luckily that didn't seem to annoy KDash in the slightest
One of the nice views is Resource Utilization, which gives you a lot of breakdowns. At its most detailed, we can see specs by pods in namespaces on nodes
We can see that in action
One of the features I really like is that it's quick to navigate between objects, then one can select an object
and use 'd' for describe to get at the details
For secrets we can go between describe (d) and decode (x)
I was able to pull up custom resources as well. This took time, though I was in an indoor natatorium with limited cell signal on a hotspot, so it might not be KDash's fault.
That said, it's worth noting that initially it appeared there were no resources, but after 30s they suddenly appeared:
There are just two themes, a light and a dark. Here is the light theme
I kept feeling I've seen a similar tool but was stuck until I recalled BTop++, which I covered back in June
I think BTop++ spoiled me on all the settings and themes
KTop
This led me to find another tool, ktop
Installation
This too can be installed with homebrew
builder@LuiGi17:~/Workspaces/jekyll-blog$ brew tap vladimirvivien/oss-tools
==> Tapping vladimirvivien/oss-tools
Cloning into '/home/linuxbrew/.linuxbrew/Homebrew/Library/Taps/vladimirvivien/homebrew-oss-tools'...
remote: Enumerating objects: 10, done.
remote: Counting objects: 100% (10/10), done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 10 (delta 3), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (10/10), done.
Resolving deltas: 100% (3/3), done.
Tapped 1 formula (14 files, 67.9KB).
builder@LuiGi17:~/Workspaces/jekyll-blog$ brew install ktop
Running `brew update --auto-update`...
==> Fetching vladimirvivien/oss-tools/ktop
==> Downloading https://github.com/vladimirvivien/ktop/releases/download/v0.3.5/ktop_v0.3.5_linux_amd64.tar.gz
==> Downloading from https://objects.githubusercontent.com/github-production-release-asset-2e65be/77647025/e89a6897-2fb1-47f1-a64d-20591068a513?X-Amz-Algorithm=AWS4-HMA
################################################################################################################################################################# 100.0%
==> Installing ktop from vladimirvivien/oss-tools
🍺 /home/linuxbrew/.linuxbrew/Cellar/ktop/0.3.5: 4 files, 36.9MB, built in 1 second
==> Running `brew cleanup ktop`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
Launching KTop shows a similar interface
I won't spend much time. Much of this hasn't been updated in a year. I found you could basically run in all namespaces or just a given one by passing that in as a parameter
builder@LuiGi17:~/Workspaces/jekyll-blog$ ktop
Connected to: https://75.73.224.240:123
 _    _
| | _| |_ ___  _ __
| |/ / __/ _ \| '_ \
|   <| || (_) | |_) |
|_|\_\\__\___/| .__/
              |_|
Version v0.3.5
ktop finished
builder@LuiGi17:~/Workspaces/jekyll-blog$ ktop --namespace default
Connected to: https://75.73.224.240:123
 _    _
| | _| |_ ___  _ __
| |/ / __/ _ \| '_ \
|   <| || (_) | |_) |
|_|\_\\__\___/| .__/
              |_|
Version v0.3.5
A bit of basic usage: just the arrow keys, tab, and g, j and l do anything
Popeye
I found Popeye from a dev.to article a while ago.
Installation
Like the others, we can brew install this one as well
builder@LuiGi17:~/Workspaces/jekyll-blog$ brew install derailed/popeye/popeye
Running `brew update --auto-update`...
==> Tapping derailed/popeye
Cloning into '/home/linuxbrew/.linuxbrew/Homebrew/Library/Taps/derailed/homebrew-popeye'...
remote: Enumerating objects: 249, done.
remote: Counting objects: 100% (120/120), done.
remote: Compressing objects: 100% (60/60), done.
remote: Total 249 (delta 28), reused 0 (delta 0), pack-reused 129
Receiving objects: 100% (249/249), 27.30 KiB | 443.00 KiB/s, done.
Resolving deltas: 100% (60/60), done.
Tapped 1 formula (12 files, 101.8KB).
==> Fetching derailed/popeye/popeye
==> Downloading https://github.com/derailed/popeye/releases/download/v0.11.1/popeye_Linux_x86_64.tar.gz
==> Downloading from https://objects.githubusercontent.com/github-production-release-asset-2e65be/176379662/c11b09e6-b180-49de-9d49-15a97753d5f5?X-Amz-Algorithm=AWS4-HM
################################################################################################################################################################# 100.0%
==> Installing popeye from derailed/popeye
🍺 /home/linuxbrew/.linuxbrew/Cellar/popeye/0.11.1: 5 files, 42.9MB, built in 1 second
==> Running `brew cleanup popeye`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
Sadly, my primary cluster seems to have a v1beta external metrics API that is not routable (oh, it is there, it just sends everything to a Datadog cluster agent instead).
Even moving locally, it showed the same.
That said, moving to my "test" cluster worked:
Now this page is huge. As much as I want to find some way to screencap the whole thing, I cannot imagine it would display well.
Here was the report:
builder@DESKTOP-QADGF36:~/Workspaces/jekyll-blog$ popeye
___ ___ _____ _____ K .-'-.
| _ \___| _ \ __\ \ / / __| 8 __| `\
| _/ _ \ _/ _| \ V /| _| s `-,-`--._ `\
|_| \___/_| |___| |_| |___| [] .->' a `|-'
Biffs`em and Buffs`em! `=/ (__/_ /
\_, ` _)
`----; |
GENERAL [MAC81]
  · Connectivity...................................................................................✅
  · MetricServer...................................................................................✅
CLUSTER (1 SCANNED) 💥 0 😱 0 🔊 0 ✅ 1 100٪
  · Version........................................................................................✅
    ✅ [POP-406] K8s version OK.
CLUSTERROLES (70 SCANNED) 💥 0 😱 0 🔊 18 ✅ 52 100٪
  · admin..........................................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · cluster-admin..................................................................................✅
  · clustercidrs-node..............................................................................✅
  · edit...........................................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · k3s-cloud-controller-manager...................................................................✅
  · local-path-provisioner-role....................................................................✅
  · nfs-subdir-external-provisioner-runner.........................................................✅
  · system:aggregate-to-admin......................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:aggregate-to-edit.......................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:aggregate-to-view.......................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:aggregated-metrics-reader...............................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:auth-delegator..........................................................................✅
  · system:basic-user..............................................................................✅
  · system:certificates.k8s.io:certificatesigningrequests:nodeclient...............................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:certificates.k8s.io:certificatesigningrequests:selfnodeclient...........................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:certificates.k8s.io:kube-apiserver-client-approver......................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:certificates.k8s.io:kube-apiserver-client-kubelet-approver..............................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:certificates.k8s.io:kubelet-serving-approver............................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:certificates.k8s.io:legacy-unknown-approver.............................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:controller:attachdetach-controller......................................................✅
  · system:controller:certificate-controller.......................................................✅
  · system:controller:clusterrole-aggregation-controller...........................................✅
  · system:controller:cronjob-controller...........................................................✅
  · system:controller:daemon-set-controller........................................................✅
  · system:controller:deployment-controller........................................................✅
  · system:controller:disruption-controller........................................................✅
  · system:controller:endpoint-controller..........................................................✅
  · system:controller:endpointslice-controller.....................................................✅
  · system:controller:endpointslicemirroring-controller............................................✅
  · system:controller:ephemeral-volume-controller..................................................✅
  · system:controller:expand-controller............................................................✅
  · system:controller:generic-garbage-collector....................................................✅
  · system:controller:horizontal-pod-autoscaler....................................................✅
  · system:controller:job-controller...............................................................✅
  · system:controller:namespace-controller.........................................................✅
  · system:controller:node-controller..............................................................✅
  · system:controller:persistent-volume-binder.....................................................✅
  · system:controller:pod-garbage-collector........................................................✅
  · system:controller:pv-protection-controller.....................................................✅
  · system:controller:pvc-protection-controller....................................................✅
  · system:controller:replicaset-controller........................................................✅
  · system:controller:replication-controller.......................................................✅
  · system:controller:resourcequota-controller.....................................................✅
  · system:controller:root-ca-cert-publisher.......................................................✅
  · system:controller:route-controller.............................................................✅
  · system:controller:service-account-controller...................................................✅
  · system:controller:service-controller...........................................................✅
  · system:controller:statefulset-controller.......................................................✅
  · system:controller:ttl-after-finished-controller................................................✅
  · system:controller:ttl-controller...............................................................✅
  · system:coredns.................................................................................✅
  · system:discovery...............................................................................✅
  · system:heapster................................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:k3s-controller..........................................................................✅
  · system:kube-aggregator.........................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:kube-controller-manager.................................................................✅
  · system:kube-dns................................................................................✅
  · system:kube-scheduler..........................................................................✅
  · system:kubelet-api-admin.......................................................................✅
  · system:metrics-server..........................................................................✅
  · system:monitoring..............................................................................✅
  · system:node....................................................................................✅
  · system:node-bootstrapper.......................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:node-problem-detector...................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:node-proxier............................................................................✅
  · system:persistent-volume-provisioner...........................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · system:public-info-viewer......................................................................✅
  · system:service-account-issuer-discovery........................................................✅
  · system:volume-scheduler........................................................................✅
  · view...........................................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
CLUSTERROLEBINDINGS (54 SCANNED) 💥 0 😱 0 🔊 0 ✅ 54 100٪
  · cluster-admin..................................................................................✅
  · clustercidrs-node..............................................................................✅
  · helm-default-nfs...............................................................................✅
  · k3s-cloud-controller-manager...................................................................✅
  · k3s-cloud-controller-manager-auth-delegator....................................................✅
  · kube-apiserver-kubelet-admin...................................................................✅
  · local-path-provisioner-bind....................................................................✅
  · metrics-server:system:auth-delegator...........................................................✅
  · run-nfs-subdir-external-provisioner............................................................✅
  · system:basic-user..............................................................................✅
  · system:controller:attachdetach-controller......................................................✅
  · system:controller:certificate-controller.......................................................✅
  · system:controller:clusterrole-aggregation-controller...........................................✅
  · system:controller:cronjob-controller...........................................................✅
  · system:controller:daemon-set-controller........................................................✅
  · system:controller:deployment-controller........................................................✅
  · system:controller:disruption-controller........................................................✅
  · system:controller:endpoint-controller..........................................................✅
  · system:controller:endpointslice-controller.....................................................✅
  · system:controller:endpointslicemirroring-controller............................................✅
  · system:controller:ephemeral-volume-controller..................................................✅
  · system:controller:expand-controller............................................................✅
  · system:controller:generic-garbage-collector....................................................✅
  · system:controller:horizontal-pod-autoscaler....................................................✅
  · system:controller:job-controller...............................................................✅
  · system:controller:namespace-controller.........................................................✅
  · system:controller:node-controller..............................................................✅
  · system:controller:persistent-volume-binder.....................................................✅
  · system:controller:pod-garbage-collector........................................................✅
  · system:controller:pv-protection-controller.....................................................✅
  · system:controller:pvc-protection-controller....................................................✅
  · system:controller:replicaset-controller........................................................✅
  · system:controller:replication-controller.......................................................✅
  · system:controller:resourcequota-controller.....................................................✅
  · system:controller:root-ca-cert-publisher.......................................................✅
  · system:controller:route-controller.............................................................✅
  · system:controller:service-account-controller...................................................✅
  · system:controller:service-controller...........................................................✅
  · system:controller:statefulset-controller.......................................................✅
  · system:controller:ttl-after-finished-controller................................................✅
  · system:controller:ttl-controller...............................................................✅
  · system:coredns.................................................................................✅
  · system:discovery...............................................................................✅
  · system:k3s-controller..........................................................................✅
  · system:kube-controller-manager.................................................................✅
  · system:kube-dns................................................................................✅
  · system:kube-scheduler..........................................................................✅
  · system:metrics-server..........................................................................✅
  · system:monitoring..............................................................................✅
  · system:node....................................................................................✅
  · system:node-proxier............................................................................✅
  · system:public-info-viewer......................................................................✅
  · system:service-account-issuer-discovery........................................................✅
  · system:volume-scheduler........................................................................✅
CONFIGMAPS (11 SCANNED) 💥 0 😱 0 🔊 8 ✅ 3 100٪
  · default/chart-content-nfs......................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · default/chart-values-nfs.......................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · default/kube-root-ca.crt.......................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · default/my-opentelemetry-collector.............................................................✅
  · kube-node-lease/kube-root-ca.crt...............................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · kube-public/kube-root-ca.crt...................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · kube-system/cluster-dns........................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · kube-system/coredns............................................................................✅
  · kube-system/extension-apiserver-authentication.................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · kube-system/kube-root-ca.crt...................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · kube-system/local-path-config..................................................................✅
DAEMONSETS (1 SCANNED) 💥 0 😱 1 🔊 0 ✅ 0 0٪
  · kube-system/svclb-azure-vote-front-81a34e62....................................................😱
    🐳 lb-tcp-80
      😱 [POP-106] No resources requests/limits defined.
DEPLOYMENTS (15 SCANNED) 💥 2 😱 10 🔊 1 ✅ 2 20٪
  · default/act-runner.............................................................................😱
    🐳 daemon
      😱 [POP-106] No resources requests/limits defined.
    🐳 runner
      😱 [POP-106] No resources requests/limits defined.
  · default/fbnext-deployment......................................................................😱
    🐳 fbnext-container
      😱 [POP-106] No resources requests/limits defined.
      🔊 [POP-108] Unnamed port 3000.
  · default/fbnextgh-deployment....................................................................😱
    🐳 fbnext-container
      😱 [POP-106] No resources requests/limits defined.
      🔊 [POP-108] Unnamed port 3000.
  · default/gitea-memcached........................................................................😱
    🐳 memcached
      😱 [POP-107] No resource limits defined.
  · default/homarr-deployment......................................................................😱
    🐳 homarr-container
      😱 [POP-101] Image tagged "latest" in use.
      😱 [POP-106] No resources requests/limits defined.
      🔊 [POP-108] Unnamed port 7575.
  · default/my-opentelemetry-collector.............................................................😱
    🐳 opentelemetry-collector
      😱 [POP-106] No resources requests/limits defined.
  · default/nfs-subdir-external-provisioner........................................................😱
    🐳 nfs-subdir-external-provisioner
      😱 [POP-106] No resources requests/limits defined.
  · default/nginx..................................................................................💥
    🐳 nginx
      💥 [POP-100] Untagged docker image in use.
      😱 [POP-106] No resources requests/limits defined.
      🔊 [POP-108] Unnamed port 80.
  · default/ngrok..................................................................................😱
    🐳 ngrok
      😱 [POP-106] No resources requests/limits defined.
      🔊 [POP-108] Unnamed port 4040.
  · default/vote-back-azure-vote-1688994153........................................................💥
    🐳 vote-back-azure-vote-1688994153
      💥 [POP-100] Untagged docker image in use.
      😱 [POP-106] No resources requests/limits defined.
  · default/vote-front-azure-vote-1688994153.......................................................🔊
    🐳 azure-vote-front
      🔊 [POP-108] Unnamed port 80.
  · default/zipkin.................................................................................✅
  · kube-system/coredns............................................................................✅
  · kube-system/local-path-provisioner.............................................................😱
    🐳 local-path-provisioner
      😱 [POP-106] No resources requests/limits defined.
  · kube-system/metrics-server.....................................................................😱
    🐳 metrics-server
      😱 [POP-107] No resource limits defined.
HORIZONTALPODAUTOSCALERS (0 SCANNED) 💥 0 😱 0 🔊 0 ✅ 0 100٪
  · Nothing to report.
INGRESSES (0 SCANNED) 💥 0 😱 0 🔊 0 ✅ 0 100٪
  · Nothing to report.
NAMESPACES (4 SCANNED) 💥 0 😱 0 🔊 2 ✅ 2 100٪
  · default........................................................................................✅
  · kube-node-lease................................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · kube-public....................................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
  · kube-system....................................................................................✅
NETWORKPOLICIES (0 SCANNED) 💥 0 😱 0 🔊 0 ✅ 0 100٪
  · Nothing to report.
NODES (3 SCANNED) 💥 0 😱 0 🔊 1 ✅ 2 100٪
  · anna-macbookair................................................................................🔊
    🔊 [POP-712] Found only one master node.
  · builder-macbookpro2............................................................................✅
  · isaac-macbookpro...............................................................................✅
PERSISTENTVOLUMES (6 SCANNED) 💥 0 😱 0 🔊 0 ✅ 6 100٪
  · pvc-1c317391-7d2c-405d-a505-d8fe42c44f03.......................................................✅
  · pvc-4fd445e3-0fc3-42a5-a604-d3f9855d8736.......................................................✅
  · pvc-63a24130-ae57-41d6-a158-3f96fa2df2d0.......................................................✅
  · pvc-a5b7daa8-03e2-40b5-b626-79f8b4b0652c.......................................................✅
  · pvc-b15a377c-8d9f-427f-9e52-d9b6cf457dc0.......................................................✅
  · pvc-bffada16-6a38-4968-be79-604ede967b13.......................................................✅
PERSISTENTVOLUMECLAIMS (6 SCANNED) 💥 0 😱 0 🔊 1 ✅ 5 100٪
  · default/act-runner-vol.........................................................................✅
  · default/configs-pvc............................................................................✅
  · default/data-gitea-0...........................................................................✅
  · default/data-gitea-postgresql-0................................................................✅
  · default/icons-pvc..............................................................................✅
  · default/nfsclaim...............................................................................🔊
    🔊 [POP-400] Used? Unable to locate resource reference.
PODS (27 SCANNED) 💥 2 😱 25 🔊 0 ✅ 0 0٪
Β· default/act-runner-84f56cb5c4-jj4dd............................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ daemon
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
π³ runner
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/act-runner-84f56cb5c4-mqpd2............................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ daemon
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
π³ runner
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/fbnext-deployment-84df6c94c6-hqch6.....................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ fbnext-container
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 3000.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/fbnext-deployment-84df6c94c6-ntfqp.....................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ fbnext-container
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 3000.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/fbnext-deployment-84df6c94c6-szlz4.....................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ fbnext-container
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 3000.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/fbnextgh-deployment-5d7564f6c9-8h9hz...................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ fbnext-container
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 3000.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/fbnextgh-deployment-5d7564f6c9-bljht...................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ fbnext-container
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 3000.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/fbnextgh-deployment-5d7564f6c9-jnq7p...................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ fbnext-container
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 3000.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/gitea-0................................................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ configure-gitea
π± [POP-205] Pod was restarted (139) times.
π± [POP-107] No resource limits defined.
π³ gitea
π± [POP-106] No resources requests/limits defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
π³ init-app-ini
π± [POP-107] No resource limits defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
π³ init-directories
π± [POP-107] No resource limits defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/gitea-memcached-8666cf9db5-54cgm.......................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π³ memcached
π± [POP-107] No resource limits defined.
Β· default/gitea-postgresql-0.....................................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π³ postgresql
π± [POP-107] No resource limits defined.
Β· default/homarr-deployment-5b6cf788d9-dwb6x.....................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ homarr-container
π± [POP-101] Image tagged "latest" in use.
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 7575.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/my-opentelemetry-collector-76dbb7d64b-wbhqg............................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ opentelemetry-collector
π± [POP-106] No resources requests/limits defined.
π [POP-105] Liveness probe uses a port#, prefer a named port.
π [POP-105] Readiness probe uses a port#, prefer a named port.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/nfs-subdir-external-provisioner-5f88bc9b6c-gzvsd.......................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ nfs-subdir-external-provisioner
π± [POP-205] Pod was restarted (408) times.
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/nginx-78cc4c645b-lxpbc.................................................................π₯
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ nginx
π₯ [POP-100] Untagged docker image in use.
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 80.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/ngrok-669dd5fdd8-lxdkg.................................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ ngrok
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 4040.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/rubysample.............................................................................π±
π± [POP-208] Unmanaged pod detected. Best to use a controller.
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ rubysample
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/rubysampleotel.........................................................................π±
π± [POP-208] Unmanaged pod detected. Best to use a controller.
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ rubysampleotel
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/vote-back-azure-vote-1688994153-7b76fb69b9-xxzgc.......................................π₯
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ vote-back-azure-vote-1688994153
π₯ [POP-100] Untagged docker image in use.
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/vote-front-azure-vote-1688994153-6fdc76bdd9-vk92z......................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-300] Using "default" ServiceAccount.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ azure-vote-front
π± [POP-102] No probes defined.
π [POP-108] Unnamed port 80.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· default/zipkin-6db857b95b-tmcjh................................................................π±
π± [POP-110] Memory Current/Request (148Mi/128Mi) reached user 80% threshold (115%).
π [POP-206] No PodDisruptionBudget defined.
π³ zipkin
π± [POP-103] No liveness probe.
π [POP-105] Readiness probe uses a port#, prefer a named port.
Β· kube-system/coredns-59b4f5bbd5-h25sv...........................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ coredns
π [POP-105] Liveness probe uses a port#, prefer a named port.
π [POP-105] Readiness probe uses a port#, prefer a named port.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· kube-system/local-path-provisioner-76d776f6f9-hzk6l............................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ local-path-provisioner
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· kube-system/metrics-server-7b67f64457-n2x64....................................................π±
π [POP-206] No PodDisruptionBudget defined.
π± [POP-301] Connects to API Server? ServiceAccount token is mounted.
π³ metrics-server
π± [POP-107] No resource limits defined.
Β· kube-system/svclb-azure-vote-front-81a34e62-6zl8w..............................................π±
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ lb-tcp-80
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· kube-system/svclb-azure-vote-front-81a34e62-kn2kg..............................................π±
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ lb-tcp-80
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
Β· kube-system/svclb-azure-vote-front-81a34e62-t6svq..............................................π±
π± [POP-302] Pod could be running as root user. Check SecurityContext/Image.
π³ lb-tcp-80
π± [POP-106] No resources requests/limits defined.
π± [POP-102] No probes defined.
π± [POP-306] Container could be running as root user. Check SecurityContext/Image.
PODDISRUPTIONBUDGETS (0 SCANNED) π₯ 0 π± 0 π 0 β
0 100Ωͺ
Β· Nothing to report.
REPLICASETS (23 SCANNED) π₯ 0 π± 0 π 0 β
23 100Ωͺ
Β· default/act-runner-5c67c8d5f5..................................................................β
Β· default/act-runner-84f56cb5c4..................................................................β
Β· default/fbnext-deployment-84df6c94c6...........................................................β
Β· default/fbnext-deployment-c6dcf67db............................................................β
Β· default/fbnextgh-deployment-5d7564f6c9.........................................................β
Β· default/gitea-memcached-8666cf9db5.............................................................β
Β· default/homarr-deployment-5b6cf788d9...........................................................β
Β· default/my-opentelemetry-collector-76dbb7d64b..................................................β
Β· default/nfs-subdir-external-provisioner-5f88bc9b6c.............................................β
Β· default/nfs-subdir-external-provisioner-65669ddf59.............................................β
Β· default/nginx-78cc4c645b.......................................................................β
Β· default/ngrok-5879d66d9c.......................................................................β
Β· default/ngrok-5df4cdcf59.......................................................................β
Β· default/ngrok-669dd5fdd8.......................................................................β
Β· default/ngrok-79f54b8567.......................................................................β
Β· default/ngrok-8595966d8d.......................................................................β
Β· default/ngrok-9cff47d5b........................................................................β
Β· default/vote-back-azure-vote-1688994153-7b76fb69b9.............................................β
Β· default/vote-front-azure-vote-1688994153-6fdc76bdd9............................................β
Β· default/zipkin-6db857b95b......................................................................β
Β· kube-system/coredns-59b4f5bbd5.................................................................β
Β· kube-system/local-path-provisioner-76d776f6f9..................................................β
Β· kube-system/metrics-server-7b67f64457..........................................................β
ROLES (8 SCANNED) π₯ 0 π± 0 π 0 β
8 100Ωͺ
Β· default/leader-locking-nfs-subdir-external-provisioner.........................................β
Β· kube-public/system:controller:bootstrap-signer.................................................β
Β· kube-system/extension-apiserver-authentication-reader..........................................β
Β· kube-system/system::leader-locking-kube-controller-manager.....................................β
Β· kube-system/system::leader-locking-kube-scheduler..............................................β
Β· kube-system/system:controller:bootstrap-signer.................................................β
Β· kube-system/system:controller:cloud-provider...................................................β
Β· kube-system/system:controller:token-cleaner....................................................β
ROLEBINDINGS (10 SCANNED) π₯ 0 π± 0 π 0 β
10 100Ωͺ
Β· default/leader-locking-nfs-subdir-external-provisioner.........................................β
Β· kube-public/system:controller:bootstrap-signer.................................................β
Β· kube-system/k3s-cloud-controller-manager-authentication-reader.................................β
Β· kube-system/metrics-server-auth-reader.........................................................β
Β· kube-system/system::extension-apiserver-authentication-reader..................................β
Β· kube-system/system::leader-locking-kube-controller-manager.....................................β
Β· kube-system/system::leader-locking-kube-scheduler..............................................β
Β· kube-system/system:controller:bootstrap-signer.................................................β
Β· kube-system/system:controller:cloud-provider...................................................β
Β· kube-system/system:controller:token-cleaner....................................................β
SECRETS (18 SCANNED) π₯ 0 π± 0 π 12 β
6 100Ωͺ
Β· default/gitea..................................................................................β
Β· default/gitea-init.............................................................................β
Β· default/gitea-inline-config....................................................................β
Β· default/gitea-postgresql.......................................................................β
Β· default/myharborreg............................................................................β
Β· default/runner-secret..........................................................................β
Β· default/sh.helm.release.v1.azure-vote-1688994153.v1............................................π
π [POP-400] Used? Unable to locate resource reference.
Β· default/sh.helm.release.v1.gitea.v1............................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· default/sh.helm.release.v1.gitea.v2............................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· default/sh.helm.release.v1.my-opentelemetry-collector.v1.......................................π
π [POP-400] Used? Unable to locate resource reference.
Β· default/sh.helm.release.v1.nfs-subdir-external-provisioner.v1..................................π
π [POP-400] Used? Unable to locate resource reference.
Β· default/sh.helm.release.v1.nfs-subdir-external-provisioner.v2..................................π
π [POP-400] Used? Unable to locate resource reference.
Β· default/sh.helm.release.v1.nfs-subdir-external-provisioner.v3..................................π
π [POP-400] Used? Unable to locate resource reference.
Β· default/sh.helm.release.v1.zipkin.v1...........................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· kube-system/anna-macbookair.node-password.k3s..................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· kube-system/builder-macbookpro2.node-password.k3s..............................................π
π [POP-400] Used? Unable to locate resource reference.
Β· kube-system/isaac-macbookpro.node-password.k3s.................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· kube-system/k3s-serving........................................................................π
π [POP-400] Used? Unable to locate resource reference.
SERVICES (16 SCANNED) π₯ 0 π± 13 π 2 β
1 18Ωͺ
Β· default/azure-vote-front.......................................................................π±
π [POP-1102] Use of target port #80 for service port TCP::80. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
π [POP-1103] Type LoadBalancer detected. Could be expensive.
π [POP-1107] LoadBalancer detected but service sets externalTrafficPolicy to "Cluster".
Β· default/fbnext-service.........................................................................π
π [POP-1102] Use of target port #3000 for service port TCP::80. Prefer named port.
Β· default/fbnextgh-service.......................................................................π
π [POP-1102] Use of target port #3000 for service port TCP::80. Prefer named port.
Β· default/gitea-http.............................................................................π±
π [POP-1102] Use of target port #3000 for service port TCP:http:3000. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/gitea-memcached........................................................................π±
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/gitea-postgresql.......................................................................π±
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/gitea-postgresql-hl....................................................................π±
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/gitea-ssh..............................................................................π±
π [POP-1102] Use of target port #22 for service port TCP:ssh:22. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/homarsvc...............................................................................π±
π [POP-1102] Use of target port #7575 for service port TCP::7575. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
π [POP-1104] Do you mean it? Type NodePort detected.
Β· default/kubernetes.............................................................................β
Β· default/my-opentelemetry-collector.............................................................π±
π [POP-1102] Use of target port #6831 for service port UDP:jaeger-compact:6831. Prefer named
port.
π [POP-1102] Use of target port #14250 for service port TCP:jaeger-grpc:14250. Prefer named
port.
π [POP-1102] Use of target port #14268 for service port TCP:jaeger-thrift:14268. Prefer named
port.
π [POP-1102] Use of target port #4317 for service port TCP:otlp:4317. Prefer named port.
π [POP-1102] Use of target port #4318 for service port TCP:otlp-http:4318. Prefer named port.
π [POP-1102] Use of target port #9411 for service port TCP:zipkin:9411. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/nginx-service..........................................................................π±
π [POP-1102] Use of target port #80 for service port TCP::80. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/vote-back-azure-vote-1688994153........................................................π±
π [POP-1102] Use of target port #6379 for service port TCP::6379. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
Β· default/zipkin.................................................................................π±
π [POP-1101] Skip ports check. No explicit ports detected on pod
default/zipkin-6db857b95b-tmcjh.
π± [POP-1109] Only one Pod associated with this endpoint.
Β· kube-system/kube-dns...........................................................................π±
π [POP-1102] Use of target port #53 for service port UDP:dns:53. Prefer named port.
π [POP-1102] Use of target port #53 for service port TCP:dns-tcp:53. Prefer named port.
π [POP-1102] Use of target port #9153 for service port TCP:metrics:9153. Prefer named port.
π± [POP-1109] Only one Pod associated with this endpoint.
Β· kube-system/metrics-server.....................................................................π±
π± [POP-1109] Only one Pod associated with this endpoint.
SERVICEACCOUNTS (42 SCANNED) π₯ 0 π± 1 π 3 β
38 97Ωͺ
Β· default/default................................................................................β
Β· default/helm-nfs...............................................................................π±
π± [POP-303] Do you mean it? ServiceAccount is automounting APIServer credentials.
Β· default/my-opentelemetry-collector.............................................................β
Β· default/nfs-subdir-external-provisioner........................................................β
Β· default/zipkin.................................................................................β
Β· kube-node-lease/default........................................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· kube-public/default............................................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· kube-system/attachdetach-controller............................................................β
Β· kube-system/certificate-controller.............................................................β
Β· kube-system/clusterrole-aggregation-controller.................................................β
Β· kube-system/coredns............................................................................β
Β· kube-system/cronjob-controller.................................................................β
Β· kube-system/daemon-set-controller..............................................................β
Β· kube-system/default............................................................................π
π [POP-400] Used? Unable to locate resource reference.
Β· kube-system/deployment-controller..............................................................β
Β· kube-system/disruption-controller..............................................................β
Β· kube-system/endpoint-controller................................................................β
Β· kube-system/endpointslice-controller...........................................................β
Β· kube-system/endpointslicemirroring-controller..................................................β
Β· kube-system/ephemeral-volume-controller........................................................β
Β· kube-system/expand-controller..................................................................β
Β· kube-system/generic-garbage-collector..........................................................β
Β· kube-system/horizontal-pod-autoscaler..........................................................β
Β· kube-system/job-controller.....................................................................β
Β· kube-system/local-path-provisioner-service-account.............................................β
Β· kube-system/metrics-server.....................................................................β
Β· kube-system/namespace-controller...............................................................β
Β· kube-system/node-controller....................................................................β
Β· kube-system/persistent-volume-binder...........................................................β
Β· kube-system/pod-garbage-collector..............................................................β
Β· kube-system/pv-protection-controller...........................................................β
Β· kube-system/pvc-protection-controller..........................................................β
Β· kube-system/replicaset-controller..............................................................β
Β· kube-system/replication-controller.............................................................β
Β· kube-system/resourcequota-controller...........................................................β
Β· kube-system/root-ca-cert-publisher.............................................................β
Β· kube-system/service-account-controller.........................................................β
Β· kube-system/statefulset-controller.............................................................β
Β· kube-system/svclb..............................................................................β
Β· kube-system/token-cleaner......................................................................β
Β· kube-system/ttl-after-finished-controller......................................................β
Β· kube-system/ttl-controller.....................................................................β
STATEFULSETS (2 SCANNED) π₯ 0 π± 2 π 0 β
0 0Ωͺ
Β· default/gitea..................................................................................π±
π³ configure-gitea
π± [POP-107] No resource limits defined.
π³ gitea
π± [POP-106] No resources requests/limits defined.
π³ init-app-ini
π± [POP-107] No resource limits defined.
π³ init-directories
π± [POP-107] No resource limits defined.
Β· default/gitea-postgresql.......................................................................π±
π³ postgresql
π± [POP-107] No resource limits defined.
SUMMARY
Your cluster score: 78 -- C
o .-'-.
o __| C `\
o `-,-`--._ `\
[] .->' a `|-'
`=/ (__/_ /
\_, ` _)
`----; |
A lot of what it found I don't care about. I don't necessarily believe all pods need resource limits.
However, I do agree that named ports are preferred and if this was a dev cluster for work, I would likely push to name those ports (3000 and 4040). There were some leaky service accounts found and some likely deprecated workloads (around NFS).
If you wanted to share this, Popeye can kick out an HTML page
builder@DESKTOP-QADGF36:~/Workspaces/jekyll-blog$ popeye -o html > popeyereport.html
builder@DESKTOP-QADGF36:~/Workspaces/jekyll-blog$ wkhtmltopdf popeyereport.html popeyereport.pdf
Loading page (1/2)
Printing pages (2/2)
Done
builder@DESKTOP-QADGF36:~/Workspaces/jekyll-blog$ cp popeyereport.pdf /mnt/c/Users/isaac/Downloads/
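Added example (not from the original post or the Popeye project): since only part of the report matters in practice, this Python script parses the plain-text report format shown above and ranks resources by the findings that touch identity, privilege or image provenance. The `SECURITY_CODES` grouping is this example's own triage choice, and the sample text is constructed from lines of the report above with the status glyphs dropped.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Triage choice made for this example (an assumption, not Popeye's own grouping):
# codes seen in the report above that concern identity, privilege or image provenance.
SECURITY_CODES = {
    "POP-100": "untagged image",
    "POP-101": "image tagged latest",
    "POP-300": "default ServiceAccount in use",
    "POP-301": "ServiceAccount token mounted",
    "POP-302": "pod may run as root",
    "POP-303": "ServiceAccount automounts API credentials",
    "POP-306": "container may run as root",
}

SECTION_RE = re.compile(r"^\s*([A-Z]+) \((\d+) SCANNED\)")
FINDING_RE = re.compile(r"\[(POP-\d+)\]\s+(.*\S)\s*$")
# A resource row is "[namespace/]name" followed by a run of dots used as padding.
RESOURCE_RE = re.compile(r"^\W*((?:[a-z0-9-]+/)?[A-Za-z0-9][A-Za-z0-9.:_-]*?)\.{3,}")


class Finding(NamedTuple):
    section: str
    resource: str
    code: str
    message: str


def parse_report(text):
    """Return every [POP-nnn] finding with the section and resource it belongs to."""
    findings = []
    section = resource = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, resource = m.group(1), None
            continue
        m = FINDING_RE.search(line)
        if m:
            if resource is not None:  # ignore findings with no owning resource row
                findings.append(Finding(section, resource, m.group(1), m.group(2)))
            continue
        m = RESOURCE_RE.match(line)
        if m:
            resource = m.group(1)  # container name rows have no dot padding and are skipped
    return findings


def security_by_resource(findings):
    """Rank resources by how many distinct security-relevant codes they carry."""
    grouped = defaultdict(set)
    for f in findings:
        if f.code in SECURITY_CODES:
            grouped[(f.section, f.resource)].add(f.code)
    ranked = sorted(grouped.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(sec, res, sorted(codes)) for (sec, res), codes in ranked]


def hygiene_codes(findings):
    """Codes present in the report that this triage treats as non-security hygiene."""
    return sorted({f.code for f in findings if f.code not in SECURITY_CODES})


# Constructed sample: lines taken from the report above, status glyphs removed.
SAMPLE_REPORT = """\
PODS (27 SCANNED)
  · default/gitea-memcached-8666cf9db5-54cgm.......................
    [POP-206] No PodDisruptionBudget defined.
    [POP-300] Using "default" ServiceAccount.
    [POP-301] Connects to API Server? ServiceAccount token is mounted.
      memcached
        [POP-107] No resource limits defined.
  · default/nginx-78cc4c645b-lxpbc.................................
    [POP-206] No PodDisruptionBudget defined.
    [POP-300] Using "default" ServiceAccount.
    [POP-301] Connects to API Server? ServiceAccount token is mounted.
    [POP-302] Pod could be running as root user. Check SecurityContext/Image.
      nginx
        [POP-100] Untagged docker image in use.
        [POP-106] No resources requests/limits defined.
        [POP-102] No probes defined.
        [POP-108] Unnamed port 80.
        [POP-306] Container could be running as root user. Check SecurityContext/Image.
  · default/zipkin-6db857b95b-tmcjh................................
    [POP-110] Memory Current/Request (148Mi/128Mi) reached user 80% threshold (115%).
    [POP-206] No PodDisruptionBudget defined.
      zipkin
        [POP-103] No liveness probe.
        [POP-105] Readiness probe uses a port#, prefer a named port.
SERVICEACCOUNTS (42 SCANNED)
  · default/default................................................
  · default/helm-nfs...............................................
    [POP-303] Do you mean it? ServiceAccount is automounting APIServer credentials.
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for sec, res, codes in security_by_resource(parsed):
        print(f"{sec:16} {res:45} " + ", ".join(f"{c} ({SECURITY_CODES[c]})" for c in codes))
    print("hygiene-only codes:", ", ".join(hygiene_codes(parsed)))
```

To run it against a real scan, save the plain-text Popeye report to a file and pass its contents to `parse_report`.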
K1s
Getting down to the absolute simplest, let's look at k1s.
We can install with brew like the rest
$ brew install weibeld/tap/k1s
Though it's so small, you can get away with just a local download as well
wget https://raw.githubusercontent.com/weibeld/k1s/master/k1s
chmod +x k1s
mv k1s /usr/local/bin
We can see it in action (skip to end)
The usage of k1s is pretty simple - it's meant to watch a "resource type" in a "namespace"
Here I swing through a few. Perhaps you wanted to see when a cert is created on an ingress or pods in a namespace.
Summary
Today we checked out 3 command-line Kubernetes monitoring tools: KDash, KTop and k1s. We also looked at a nice open-source scanner, Popeye. While I like what KTop was trying to do, I probably won't use that too often. Instead, I really liked KDash and k1s. I plan to put k1s on a few hosts for work as it really solves my quick checks.
I do plan to try Popeye on some actual workload-bearing clusters. If anything, I love tools that can identify issues and waste in easy-to-read reports.