In 2023, Clyso released the Ceph Analyzer, giving your operations teams a great tool for inspecting the health of your Ceph clusters, offering in-depth reporting and recommendations to fix many non-trivial issues. Two years later, we are pleased to announce the release of Clyso Kubernetes Analyzer!
Get your 30 days of Kubernetes Analyzer now!
What does Clyso Kubernetes Analyzer do?
Is your Cluster in a good shape, or do you think it is? We will check it for you!
Features:
- Comprehensive Cluster Inspection: Perform a full inspection of all cluster components with a single command.
- Pod Inspection: Retrieve detailed information about pods, including container statuses and logs from the last restart.
- Node Inspection: Gather system information and statuses from all nodes in the cluster.
- Component Inspection: Inspect critical Kubernetes components like CoreDNS, etcd, CNI, and CSI.
- Certificate Expiration Verification: Check the expiration dates of Kubernetes certificates to prevent unexpected outages.
- Health Checks: Perform health checks on cluster components to ensure they are functioning correctly.
The Analyzer will check your cluster and give you a report with recommendations on any problems it found.
Required Permissions:
To run the Full System Analysis Tool, the following Kubernetes permissions are required. You can create a ClusterRole with the necessary permissions using the following YAML configuration:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: full-system-analysis-role
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["pods/exec", "pods/log"]
verbs: ["create", "get"]
- apiGroups: [""]
resources: ["pods/portforward"]
verbs: ["create"]
- apiGroups: [""]
resources: ["services", "endpoints"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumes", "persistentvolumeclaims"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "csidrivers"]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets", "daemonsets"]
verbs: ["get", "list"]
This ClusterRole grants the necessary permissions to inspect and manage various Kubernetes resources.
How to use it
- Grab you a free Demo from here
- You will receive a .zip file that you have to unzip:
$ unzip fsa_tool_clyso_0.16.0_linux_amd64.zip
LICENSE
config
fsa
- Now you see a fsa and a config file. This two files you have to copy on a control-plane node where it can execute kubectl and kubeadm or if not possible (f.e. on Talos Linux) to a machine that can reach the cluster and has a configured kubectl.
- Create a config directory on your "$HOME" or your choosen user and copy the config file into it:
## Create the directory
$ mkdir $HOME/.fsa
## Copy the config
$ cp config $HOME/.fsa/config
- Copy also the fsa Binary to your place where you like to execute it:
## Copy the fsa
$ cp fsa $HOME/fsa
- Execute now the Binary, this will generate a file called
report.json:
$ ./fsa inspect all -o json
...
JSON report written to report.json
- Upload the report.json to https://analyzer.clyso.com/#/analyzer/kubernetes
- Check your report and improve your Cluster!