Skip to content

Heptio Sonobuoy is a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests in an accessible and non-destructive manner. Brought to you by Heptio.

License

Notifications You must be signed in to change notification settings

liztio/sonobuoy

 
 

Repository files navigation

Sonobuoy

Maintainers: Heptio

Build Status

Overview

Heptio Sonobuoy is a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests in an accessible and non-destructive manner. It is a customizable, extendable, and cluster-agnostic way to generate clear, informative reports about your cluster--regardless of your deployment details.

Its selective data dumps of Kubernetes resource objects and cluster nodes allow for the following use cases:

Supported Versions

NOTE: The table below only applies to the e2e conformance tests.

To ensure that your cluster is running the appropriate Kubernetes version for your Sonobuoy release, see the second column of the table below. Otherwise you may encounter the documented issues.

Sonobuoy Version / Conformance Version Required K8s Cluster Version Known Issues
v0.10.0 / 1.8 >= 1.7 For earlier cluster versions (e.g. 1.6), some issues may exist.
v0.9.0 / 1.8 >= 1.7 For earlier cluster versions (e.g. 1.6), some issues may exist.
v0.8.0 / 1.7 N/A N/A

Prerequisites

  • You should have access to an up-and-running Kubernetes cluster. If you do not have a cluster, follow the AWS Quickstart Kubernetes Tutorial to set one up with a single command.

  • You should have kubectl installed. If not, follow the instructions for installing via Homebrew (MacOS) or building the binary (Linux).

  • You must run the kubectl apply commands for Sonobuoy as an admin user.

  • Your firewall settings must allow Sonobuoy to communicate with your cluster.

  • Your cluster must have the appropriate RBAC ClusterRole and ClusterRoleBinding configured. By default, the Sonobuoy YAML assumes that your cluster is running with --authorization-mode=RBAC, and includes the required RBAC configurations.

    (If you don't have RBAC enabled, subsequent documentation addresses how to handle this.)

Up and running

To easily get a Sonobuoy scan started on your cluster, use the browser-based Sonobuoy Scanner tool. Sonobuoy Scanner also provides a more user-friendly way of viewing your scan results.

Note that Sonobuoy Scanner runs conformance tests only. To learn how to run Sonobuoy with your own YAML files, which allows for further configuration and customization, see the Quickstart section below.

tarball overview screenshot

Quickstart

Heptio provides prebuilt Sonobuoy container images in its Google Container Registry (gcr.io/heptio-images). For the sake of faster setup on your cluster, this quickstart pulls from this registry to skip the container build process. You can use this same process to deploy Sonobuoy to production.

This guide executes a Sonobuoy run on your cluster, and records the following results:

  • Basic info about your cluster's hosts, Kubernetes resources, and versions.
  • (Via plugin) systemd logs from each host
  • (Via plugin) The results of a single e2e conformance test ("Pods should be submitted and removed"). See the conformance guide for configuration details.

1. Download

Clone or fork the Sonobuoy repo:

git clone https://github.com/heptio/sonobuoy.git

2. Run

First, make sure that you're in your Sonobuoy root directory.

If your cluster is not running RBAC, you'll need to regenerate the quickstart YAML files. To determine whether your cluster is running RBAC, run the command below:

export RBAC_ENABLED=$(kubectl api-versions | grep "rbac.authorization.k8s.io/v1" -c)

Use the environment variable you just set to regenerate examples/quickstart.yaml:

make generate

Now you're ready to deploy a Sonobuoy pod to your cluster! Run the following command:

kubectl apply -f examples/quickstart.yaml

You can view actively running pods with the following command:

kubectl get pods -l component=sonobuoy --namespace=heptio-sonobuoy

To verify that Sonobuoy has completed successfully, check the logs:

kubectl logs -f sonobuoy --namespace=heptio-sonobuoy

If you see the log line no-exit was specified, sonobuoy is now blocking, the Sonobuoy pod has completed its data collection.

Notes:

  • The Sonobuoy pod in this example continues to run after it finishes data collection, due to the --no-exit flag in its YAML manifest. This allows you to easily grab the results tarball.

  • Sonobuoy collects one data report per run---each time you want a new report you need to delete the existing Sonobuoy YAML files and reapply them (see the tear down step).

  • In practice, you should make sure that the Sonobuoy pod writes its results to a Persistent Volume. The quickstart example writes its output to an emptyDir volume for simplicity.

Troubleshooting errors from kubectl logs:

  • If you are able to debug and resolve the issue on your own, make sure to delete and reapply Sonobuoy's YAML manifests. Otherwise, file an issue.

To view the output, copy the output directory from the main Sonobuoy pod to somewhere local:

kubectl cp heptio-sonobuoy/sonobuoy:/tmp/sonobuoy ./results --namespace=heptio-sonobuoy

This should copy a single .tar.gz snapshot from the Sonobuoy pod into your local ./results directory. You can extract its contents into /.results with:

tar xzf ./results/*.tar.gz

For information on the contents of the snapshot, see the snapshot documentation.

NOTE: At this time, the layout of the contents of the tarball is subject to change.

3. Tear down

To clean up Kubernetes objects created by Sonobuoy, run the following command:

kubectl delete -f examples/quickstart.yaml

Further documentation

To learn how to configure your Sonobuoy runs and integrate plugins, see the /docs directory.

Troubleshooting

If you encounter any problems that the documentation does not address, file an issue.

Contributing

Thanks for taking the time to join our community and start contributing!

Before you start

Testing

You can run sonobuoy's tests with make test. This will spin up local docker containers to run the test suite.

For noiser tests, use VERBOSE=true make test

Pull requests

  • We welcome pull requests. Feel free to dig through the issues and jump in.

Changelog

See the list of releases to find out about feature changes.

About

Heptio Sonobuoy is a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests in an accessible and non-destructive manner. Brought to you by Heptio.

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 96.3%
  • Makefile 2.9%
  • Shell 0.8%