Try using popeye, a Kubernetes Cluster Sanitizer, to help lint objects deployed to Kubernetes to detect misconfigurations, and give you some feedback on compliance with community best practices.
It seems that half the fun with software development today is creating fun new framework names, simply to give you an opportunity to create a neat product logo. Popeye makes you smile as a framework but also provides you with some valuable insight into potential flaws in your Kubernetes object configurations.
It’s essentially a linter for Kubernetes objects and we’ve been experimenting with it for our own deployments.
You can throw popeye at your cluster “raw” but you might be disappointed with the noise it produces, even with what you might consider to be “sensibly configured” objects. Nevertheless install it and run it on one of your namespaces to see what it throws up.
Armed with a Kubernetes configuration file you could run popeye on the my-namespace namespace with the following command: -
If your namespace has a Service object you might see output like this: -
It complains a lot.
Most of the above is warning you that there’s only one receiver for the endpoint (only one Pod when you should probably have more than one). Don’t despair - this is where popeye’s spinach files come in.
The spinach configuration file is essentially its lint configuration.
The spinach file is a YAML file that allows you to fine-control popeye’s response. For the above you could silence all the Only one associated endpoint. warnings with a spinach file like this: -
If this is stored in the file my-spinach.yaml you would re-run popeye with: -
To see the reduced output: -
And then further reduce the output by limiting it to warnings (or errors) with: -
To, finally, get this output: -
Obviously it’s bad form to silence warnings, so most of your work might be adjusting your deployment to remove them, rather than using spinach to hide them. But this was just a brief tutorial for what appears to be a really useful tool.