Kubernetes itself is one of the best open source contributions - that’s why our team at Fairwinds is 100% committed to the project and the community.
Our team of SREs works to enable companies to maximize the benefits of Kubernetes. We use a lot of open source tools, and contribute projects, to ensure organizations can run secure, reliable and scalable Kubernetes infrastructure.
We asked our SREs about their favorite open source projects. Here we list them out to help you on your Kubernetes journey.
Combination of nginx-ingress + cert-manager + external-dns
ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It periodically checks that certificates are valid and up to date, and attempts to renew them at an appropriate time before expiry.
ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers. It makes Kubernetes resources discoverable via public DNS servers. Like KubeDNS, it retrieves a list of resources (Services, Ingresses, etc.) from the Kubernetes API to determine a desired list of DNS records. Unlike KubeDNS, however, it's not a DNS server itself, but merely configures other DNS providers accordingly—e.g. AWS Route 53 or Google Cloud DNS.
The combination of nginx-ingress + cert-manager + external-dns allows sysadmins to automate some of the historically most difficult or annoying tasks they have to do.
Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
We use Helm to install both internal apps and third-party apps, but really love it for installing third-party apps.
reckoner + helm
Reckoner is a command line helper for helm created by the Fairwinds SRE team. This utility adds to the functionality of Helm in multiple ways:
Creates a declarative syntax to manage multiple releases in one place
Allows installation of charts from a git commit/branch/release
Reckoner saves time and headaches for Kubernetes teams.
kubectl-ns allows you to quickly view or change the current namespace via kubectl. It’s very specific and only saves a bit of time on each use. But because our team uses it many times a day, it’s a great ratio of effort to value. kubectx and kubens are similar tools you can use.
kubetail is a Bash script that enables you to aggregate (tail/follow) logs from multiple pods into one stream. This is the same as running "kubectl logs -f" but for multiple pods.
Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging. The query is a regular expression so the pod name can easily be filtered and you don't need to specify the exact id (for instance omitting the deployment id). If a pod is deleted it gets removed from tail and if a new pod is added it automatically gets tailed. When a pod contains multiple containers Stern can tail all of them too without having to do this manually for each one. Simply specify the container flag to limit what containers to show. By default all containers are listened to.
kube-capacity is a simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster. It attempts to combine the best parts of the output from kubectl top and kubectl describe into an easy to use CLI focused on cluster resources.
Goldilocks, an open source tool by Fairwinds, is a Kubernetes controller that provides a dashboard that gives recommendations on how to set your resource requests. To provide recommendations, we use the Vertical Pod Autoscaler (VPA). The VPA controller stack contains a recommendation engine that takes into account the current resource usage of your pods in order to provide a guideline. The primary goal of VPA is to actually set those requests for you, but we aren’t currently comfortable with how it does this; more specifically, we like to run Horizontal Pod Autoscaler, which doesn’t play nice with the VPA. Instead, we just use the recommendation engine that VPA provides to give you good recommendations on how to set your resource requests and limits. You can read more about Goldilocks on our blog.
Fairwinds' team of SREs has developed many open source tools as part of our commitment to the Kubernetes community.