Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature]: Enable "--input" flag for parsing k8s information from files instead of requiring k8s connection #942

Open
2 tasks done
Toerq opened this issue Feb 9, 2024 · 7 comments · May be fixed by #1162
Open
2 tasks done
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@Toerq
Copy link

Toerq commented Feb 9, 2024

Checklist

  • I've searched for similar issues and couldn't find anything matching
  • I've discussed this feature request in the K8sGPT Slack and got positive feedback

Is this feature request related to a problem?

None

Problem Description

Currently, the k8sgpt tool requires direct access to a kubeconfig and network access to the Kubernetes cluster to perform the scanning. This requirement creates some limitations, especially in environments with strict security policies or limited network connectivity.

This requirement, in combination with the need for a network connection to an instance running localAI further limits the flexibility.

This limitation makes it challenging to use the tool in isolated, on-prem solutions with limited internet access, or highly secure environments where such access is restricted or not feasible.

Solution Description

Introduce an --input flag for the gpt4all command that allows users to directly provide YAML files as input. These input files should be generated by running e.g. "kubectl get nodes -o yaml" or whatever input format k8sgpt can parse.

This feature would enable comprehensive scanning and analysis without the need for direct access to a kubeconfig or live connection to a Kubernetes cluster.

Additionally, also expand the documentation to inform the users what (e.g. kubectl) commands would need to be run to generate these files.

Benefits

Enables the use of k8sgpt in secure, isolated, or air-gapped environments by removing the direct dependency on kubeconfig and live cluster access.
Expands the tool's usability by facilitating offline analysis and testing against pre-generated data.

Potential Drawbacks

No response

Additional Information

No response

@AlexsJones
Copy link
Member

It's a really interesting idea, but there would be a lot of "State" to download and capture locally.
It's possible, but we would need to really think about how we're doing that.
There might well be a few phases e.g.

Storing the initial data

1. k8sgpt analyze --save

Retrieving from files

2. k8sgpt analyze --from-save

@Toerq
Copy link
Author

Toerq commented Feb 15, 2024

It's a really interesting idea, but there would be a lot of "State" to download and capture locally. It's possible, but we would need to really think about how we're doing that. There might well be a few phases e.g.

Storing the initial data

1. k8sgpt analyze --save

Retrieving from files

2. k8sgpt analyze --from-save

This would be an excellent solution.
Do you have any idea of how long this would take to implement?

@AlexsJones
Copy link
Member

I don't think it's difficult technically, just a little time consuming, because you'd need to pull all of the resources that we have analysers for. Probably one of the easiest ways would be to extend the analyser interface to explain the types it needs to go get, then iterate through that and store locally into files.

I would say it's a few days of work

@AlexsJones AlexsJones added enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed labels Feb 23, 2024
@Toerq
Copy link
Author

Toerq commented Mar 2, 2024

Hi there! I'm interested in working on implementing the --input feature and was exploring the proposed solution.

While going through the discussion, I noticed the suggestion of using two commands:

  1. k8sgpt analyze --save

  2. k8sgpt analyze --from-save <file_path>

I was wondering if the k8sgpt analyze --save command is intended to capture the cluster state using a similar approach as the following command:

kubectl get all --all-namespaces -o yaml > cluster_state.yaml

I'm thinking of implementing the functionality by:

Using k8sgpt analyze --save to save the initial state.

Modifying k8sgpt analyze to accept the saved YAML file as input through the --from-save flag.

That would be a great start, but double check if there are any missing needed resources when running "get all". I don't think you will get any custom CRD resources that might be relevant for instance.

It would also be great if you can choose to mask any sensitive values such as "secrets" when running the "--save" command.

@ronaldpetty
Copy link
Contributor

@the-tech-pilot how you doing on this? Anything you want to have peer reviewed or help with?

@harshanarayana
Copy link

@ronaldpetty @the-tech-pilot I have been working on getting something like this done for my internal use case and I got it working without too much of code changes using the client-go' fake client and prepend reactor.

harshanarayana@401ce5a

I would be more than happy to contribute a full working version of this if it is acceptable.

@harshanarayana harshanarayana linked a pull request Jun 18, 2024 that will close this issue
4 tasks
@harshanarayana
Copy link

Right now, In my case, the files are named as kubectl_get_<resource>_[--namespace_<ns>]_-o_yaml.log and a few lines at the tail end has metadata that I am stripping off.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
Status: Proposed
Development

Successfully merging a pull request may close this issue.

4 participants