What are your top 10 indispensable k8s tools? IMPORTANT: For reasons I do not comprehend (and Google support could not figure out), CZcams tends to delete comments that contain links. Please do not use them in your comments.
@@CloudNativeJanitor Initially, the list was much bigger and had a tendency to become very big so I limited myself to 10. Those you mentioned were excluded not because I did not think (some of them) should not be in the list but because of the self-imposed limit of 10.
@@DevOpsToolkit yes, it makes sense, the landscape is huge, it would be very interesting to see what everyone's favourite 10 tools are? KubeVela and Pomtail are new to me, that is what I like about your channel, I am guaranteed to learn new things and expand on my knowledge, thank you very much
My top 10 (from a homelab perspective) 1: K8s Lens. Just a fantastic tool for port forwarding and quick diagnosis. 2: MetalLB to have "real" loadbalancer IP addresses. 3: Traefik Proxy. It just works better for me with letsencrypt TLS challenges. No need to have dns integration or http port open, and it all just works out of the box. 4: Helm - for the exact reasons here. 5: Krew - plugin manager for Kubectl. 6: PLG (Prometheus - Loki - Grafana). 7: nano with yaml highlighting + yamllint. Nothing beats commandline in a pinch. 8: K9s - love it, but don't use it as often since Lens v5. 9: Terraform - everything-as-code. 10: Longhorn - good CSI with solid frontend for management and diagnose features such as snapshots.
I'd definitely add ZSH as a tool. Command completion, auto suggestions just make cli work a million times easier. Coupled with ohmyzsh , you get context and namespace details on every line, which is important if you work with a large number of clusters
Excellent video Viktor, thanks! Currently setup a RKE2 environment and want to put some of these into practice, particularly interested in ArgoCD instead of using typical pipeline methods and its supporting options (Argo workflows and events).
I fully agree with that. We need to move the complexity into clusters (operators) and, from there on, a simple yaml should suffice to create the needed resources based on CRDs.
Hi Viktor, great video as always. What do you think about using OpenTelemetryfor observability? With OpenTelemtry you get metrics, logs and tracing using one tool vs loki, promtail and prometheus. I am aware that you need to refactor the application in order to use OpenTelemtry but if someone is starting from scratch is this option may be a better solution for all new applications? Are you planning to make a video about creating/defining application using Crossplane?
I'm a cli (and tui) addict, and I can safely say that k9s was one of the best (if not THE best) tool I've used until (well, maybe lazygit is also a candidate). Too bad I don't get to work with Kubernetes (and k9s) anymore.
Your favorite ArgoCD does not _support_ an official helm chart (the community provides one) and AFAICT Intuit does not use helm internally. And this aligns with my own aversion to 3rd party helm repos and charts in my prod cluster.
I agree. Still, many apps are only defined as helm charts and while I heavily lean towards kustomize, it might be hard for many to rewrite charts. In any case, kustomize rules :)
Great video as always. i'm using rancher on my on premise it's package some tools on your video. using argocd to, absolutly love this one. just think want try gatekeeper & cert manager. any advice what can i add another tools on rancher?
Great video Viktor!! Congratulations!! It's not the first time you mention about cloud native apps (OAM) but i have a question: Can we simulate a native cloud app like rollout custom resource? I mean, a native app that can support canary or blue-green rolling updates (deployment). What do you think?
OAM with, let's say, KubeVela, expands into whichever Kubernetes resources you tell it to expand so it can be anything, including canary deployments with Argo rollouts or flagger.
@@betorvs Oh yeah. Crossplane Compositions serve a similar purpose as KubeVela. Both can be used to create new CRDs with corresponding controllers. Personally, I replaced KubeVela with Crossplane. However, I am also heavily invested in Crossplane so I'm trying to retain some level of objectivity by not recommending it exclusively.
@@DevOpsToolkit and do you have any example of using crossplane composition for it? Maybe some git repo? Thanks for your time and videos. They are amazing!!!
@@betorvs I have quite a few examples stored in github.com/vfarcic/devops-toolkit-crossplane. That repo alone might be too confusing so you might want to check out the videos in czcams.com/users/Upbound. That's where I publish most of the Crossplane-related videos since I joined Upbound. Just as in this channel, there is always a Gist with all the commands I run in a demo. Please let me know if you have trouble finding a video that specifically talks about the apps (quite a few do) and I'll get back to you with a direct link to it.
I love your videos! Sorry for the dumb question, I’m just starting out, what do you mean when you are referring to applications? (11:29) You recommended ArgoCD for syncing the deployments running on the EKS cluster, what are these other applications you’re talking about?
By application I mean code of an app packaged as a container image and meant to run in Kubernetes. Or, in other words, whatever we are developing and want to make available to our customers.
JSPolicy is great but I don't think it's getting as much love and traction as, let's say, Kyverno. Also, with the introduction of Validating Admission Policy in Kubernetes v1.26, the game is going to change for all those tools. Now we finally have a standard API.
Crossplane for apps. I hope crossplane vscode support for language syntax is available. Yaml for customresourcedefinition seems wrong. It would be great to have golang for definition embedded in yaml like envoy filters implemented in Lua.
We already started working on the VSCode language syntax (marketplace.visualstudio.com/items?itemName=Upboundio.upbound). It's in early stages, but we're getting there. We're also working on other ways to define/template/overlay/etc. Crossplane compositions but we're still not 100% sure how it'll look like so I'll avoid giving more details until that's clarified.
I don't exactly agree on the idea that you can't define application as a Helm chart, because you can put as many manifests as you want inside a single chart, and it already provides an abstraction for the users in the form of input values.
I probably did not express myself well. You can definitely define kiss resource that constitute an app (or anything else) as a helm chart. What I wanted to say is that I prefer kustomize for internal apps.
I would not say that those are required but that defining apps as CRs might be the next step forward. If it is, than Crossplane and KubeVela are a potentially helpful tools to create the Cards and controllers (operators) required for CRs to do what they need to do. A good example would be KNative. I am suggesting that something similar to it can be done with our own company-specific definitions.
Hey @DevOps Toolkit, can I use Cert Manager to create certificate for my intranet sites? (That should be trusted by browsers too). As of now, the sit has a self signed cert (Fake certificate from K8s), which the user have to click and bypass the browser's warning.
CertManager can operate as a CA based on its own self-signed cert, then hand out certs signed by itself. You would then install the public key to browsers so that they trust any cert made by that CA. Alternatively, if you can, you can get a wild-card cert from LetsEncrypt for a domain you control, then use that. Your internal services would be registered against that name, even though they are only accessible internally (nothing stops you from setting a .com address to point at 192.168.1.1, for example).
I prefer Kustomize over Helm for my own apps. It's more elegant and, generally speaking, I prefer overlaying (Kustomize) over templating (Helm). Also, it's part of `kubectl`. You might want to check czcams.com/video/ZMFYSm0ldQ0/video.html.
Genuinely, Can someone explain to me why you would use crossplane? I guess i dont understand why you use it over terraform + helm charts. Is it like making custom operators or something? It looks cool and id like to integrate but i just dont know what problem it solves, and i want to because i feel like theres something gold there
Crossplane is built on top of Kubernetes with all the good things that brings to the table. Terraform does not have an API, continuous drift-detection and reconciliation, and many other things that are inherent part of Kubernetes and, therefore Crossplane. Then there is state management in Terraform that is challenging, to say the least. Further on, by being Kubernetes-native, it integrates with any other Kubernetes-native tool like Argo CD, Flux, Kyverno, Prometheus, Loki, etc. Further on, Crossplane has a concept of Compositions which is a way to create your own CRDs and controllers that define what something is by extending Kube API. To put it in other words... The same reasons why one would use Kubernetes to manage applications instead of doing the operations with a CLI are just as valid as reasons to use Kubernetes to manage any other type of resources. So, the question is whether Kubernetes is a good way to manage resources. The answer might be that it isn't. But, if it is, it should not matter what those resources are, be it containers, VMs, WASM, EC2 instances, DBs, clusters, or anything else. The benefits or downsides (depending on how you look at it) are the same no matter what those resources are. Now, if we do settle that Kubernetes and the ecosystem around it is a good thing, than we need to look for tools designed to leverage it (to be designed on its principles). When it comes to infrastructure and services, Crossplane is one of a few. Depending on what you need, you might opt for Cluster API, or KubeVirt, or something other than Crossplane, as long as that something follow the Kubernetes principles. Terraform, unfortunately, doesn't. It was designed long before Kubernetes was born. Many tried to put it inside Kubernetes, and no one succeeded simply because it's design is at ods with it.
KinD runs Kubernetes in a container which is great is you're using Docker. However, Rancher Desktop is standalone and is a full replacement for both Docker and Kubernetes. It's free, it's based on k3s (which I think is the best choice for local k8s), etc. Take a look at czcams.com/video/evWPib0iNgY/video.html.
Not yet. It is on my to-do list but I cannot yet say when I'll get to it. The list is growing much faster than i can handle. What i can say is thst, apart from having a dedicated video, it will be featured in czcams.com/play/PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.html since it is a CNCF project.
That would be an interesting subject for an upcoming video. Until then, and assuming that it's about chaos through Kubernetes, I'd say that the two essential tools are a service mesh and a chaos engine. Service mesh should probably be whichever you use for other things (e.g., Istio, LinkerD, etc.). As for chaos itself, it can be Chaos Mesh, Chaos Toolkit, Litmus, etc. All of those are relatively young and tend to change very fast and, with those changes, the recommendations are changing fast as well. In any case... I'll add that to my TODO list... :)
I did not put it only because of the self-imposed limitation to 10 tools. I don't think that Skaffold or another similar type of tool should take the place of any of those I included in the video. If it would be "top 20", Skaffold would probably be in it.
There are quite a few others that should be included but were not. I limited it to 10 to avoid going into the rabbit hole of everything anyone might need when working with Kubernetes.
@@DevOpsToolkit thanks for you sharing about the kubectl. The idea of the kubectl is kick IT out of the process and reducing the effort on IT job. But in reality we still get control from IT so we have to pay for IT and also the cloud. When it come to company policy update or security update, It request these back to us to do their job because we are sub owner. To me that make kubectl idea is worsting idea ever
@@Dai-corporation kubectl is just a CLI that sends requests to KubeAPI. It's a helper tool and nothing more. We could do all the same actions by sending `curl` requests to KubeAPI. As such, I am not sure I understand how could kubectl "kick IT out of the process". As for reducing the effort... Aren't we all trying to reduce the effort? Isn't that the whole point?
What are your top 10 indispensable k8s tools?
IMPORTANT: For reasons I do not comprehend (and Google support could not figure out), CZcams tends to delete comments that contain links. Please do not use them in your comments.
great video!
agree 100% with your selection, I would add operators, trivy, grype, ondat, synk
@@CloudNativeJanitor Initially, the list was much bigger and had a tendency to become very big so I limited myself to 10. Those you mentioned were excluded not because I did not think (some of them) should not be in the list but because of the self-imposed limit of 10.
@@DevOpsToolkit yes, it makes sense, the landscape is huge, it would be very interesting to see what everyone's favourite 10 tools are? KubeVela and Pomtail are new to me, that is what I like about your channel, I am guaranteed to learn new things and expand on my knowledge, thank you very much
My top 10 (from a homelab perspective)
1: K8s Lens. Just a fantastic tool for port forwarding and quick diagnosis.
2: MetalLB to have "real" loadbalancer IP addresses.
3: Traefik Proxy. It just works better for me with letsencrypt TLS challenges. No need to have dns integration or http port open, and it all just works out of the box.
4: Helm - for the exact reasons here.
5: Krew - plugin manager for Kubectl.
6: PLG (Prometheus - Loki - Grafana).
7: nano with yaml highlighting + yamllint. Nothing beats commandline in a pinch.
8: K9s - love it, but don't use it as often since Lens v5.
9: Terraform - everything-as-code.
10: Longhorn - good CSI with solid frontend for management and diagnose features such as snapshots.
Great list!
I need to setup my own home lab one of these days.
This channel is very much underrated.
Deserves more :))
I'd definitely add ZSH as a tool. Command completion, auto suggestions just make cli work a million times easier.
Coupled with ohmyzsh , you get context and namespace details on every line, which is important if you work with a large number of clusters
Oh yeah. OhMyZSH is awesome and I honestly don't know how I would work without it.
Wow k9s is life changing, thank you!
From a security standpoint -- Istio, Trivy operator, and Falco
Excellent video Viktor, thanks! Currently setup a RKE2 environment and want to put some of these into practice, particularly interested in ArgoCD instead of using typical pipeline methods and its supporting options (Argo workflows and events).
Great selection, love it! I now want to give Crossplane a good spin!
Thanks for this great video, Viktor!
Another absolutely amazing and useful video! Thank you Viktor!
thanks so much, keep waiting for the part 2 XD
I am really dissapointed, I know all of them !! :-) That is because I have been watching all your videos! Thanks!
I'm doing my best to always introduce something new in every video. That's sometimes very challenging so I end up with videos like this one :(
@@DevOpsToolkit No need to apologize, you are always putting the best stuff ever
Helm is ok for simple app bundles, for complex app-bundles with auto-lcm/scale k8s operators are more handier imho.
I fully agree with that. We need to move the complexity into clusters (operators) and, from there on, a simple yaml should suffice to create the needed resources based on CRDs.
Hi Viktor, great video as always.
What do you think about using OpenTelemetryfor observability? With OpenTelemtry you get metrics, logs and tracing using one tool vs loki, promtail and prometheus. I am aware that you need to refactor the application in order to use OpenTelemtry but if someone is starting from scratch is this option may be a better solution for all new applications?
Are you planning to make a video about creating/defining application using Crossplane?
I'm a cli (and tui) addict, and I can safely say that k9s was one of the best (if not THE best) tool I've used until (well, maybe lazygit is also a candidate). Too bad I don't get to work with Kubernetes (and k9s) anymore.
Gotta love these videos ❤
Distributed tracing is important too, for apps. Signoz or Jaeger. And at least 1 security tool, like Falco.
Oh yeah. Those are very important. Maybe I should have made it top 20 so that more can enter?
@@DevOpsToolkit yes top 20 would have covered important & necessary tools.
I'll do that the next time :)
I just found Kubernator (VS Code extension) - holy damn it's amazing!!!
Very useful video, thank you
Great video! Do you use some tool for backup? Like Velero?
Velero is the one I use the most.
Your favorite ArgoCD does not _support_ an official helm chart (the community provides one) and AFAICT Intuit does not use helm internally. And this aligns with my own aversion to 3rd party helm repos and charts in my prod cluster.
I agree. Still, many apps are only defined as helm charts and while I heavily lean towards kustomize, it might be hard for many to rewrite charts.
In any case, kustomize rules :)
It would be fine a udemy course base on this top ten, plus the security and secret protection tools.
Most of those are available as videos for free on this channel :)
Great video as always.
i'm using rancher on my on premise it's package some tools on your video. using argocd to, absolutly love this one. just think want try gatekeeper & cert manager. any advice what can i add another tools on rancher?
It's not about adding tools on Rancher but rather to Kubernetes itself :)
Great video Viktor!! Congratulations!! It's not the first time you mention about cloud native apps (OAM) but i have a question: Can we simulate a native cloud app like rollout custom resource? I mean, a native app that can support canary or blue-green rolling updates (deployment). What do you think?
OAM with, let's say, KubeVela, expands into whichever Kubernetes resources you tell it to expand so it can be anything, including canary deployments with Argo rollouts or flagger.
@@DevOpsToolkit sorry for asking you without checking it, but can we achieve the same with crossplane instead kubevela?
@@betorvs Oh yeah. Crossplane Compositions serve a similar purpose as KubeVela. Both can be used to create new CRDs with corresponding controllers. Personally, I replaced KubeVela with Crossplane. However, I am also heavily invested in Crossplane so I'm trying to retain some level of objectivity by not recommending it exclusively.
@@DevOpsToolkit and do you have any example of using crossplane composition for it? Maybe some git repo? Thanks for your time and videos. They are amazing!!!
@@betorvs I have quite a few examples stored in github.com/vfarcic/devops-toolkit-crossplane. That repo alone might be too confusing so you might want to check out the videos in czcams.com/users/Upbound. That's where I publish most of the Crossplane-related videos since I joined Upbound.
Just as in this channel, there is always a Gist with all the commands I run in a demo.
Please let me know if you have trouble finding a video that specifically talks about the apps (quite a few do) and I'll get back to you with a direct link to it.
I love your videos! Sorry for the dumb question, I’m just starting out, what do you mean when you are referring to applications? (11:29)
You recommended ArgoCD for syncing the deployments running on the EKS cluster, what are these other applications you’re talking about?
By application I mean code of an app packaged as a container image and meant to run in Kubernetes. Or, in other words, whatever we are developing and want to make available to our customers.
jspolicy is much better than Kyverno or OPA. Apart from that very useful video thanks!
JSPolicy is great but I don't think it's getting as much love and traction as, let's say, Kyverno. Also, with the introduction of Validating Admission Policy in Kubernetes v1.26, the game is going to change for all those tools. Now we finally have a standard API.
Thanks!
Thanks a ton!
Crossplane for apps. I hope crossplane vscode support for language syntax is available. Yaml for customresourcedefinition seems wrong. It would be great to have golang for definition embedded in yaml like envoy filters implemented in Lua.
We already started working on the VSCode language syntax (marketplace.visualstudio.com/items?itemName=Upboundio.upbound). It's in early stages, but we're getting there.
We're also working on other ways to define/template/overlay/etc. Crossplane compositions but we're still not 100% sure how it'll look like so I'll avoid giving more details until that's clarified.
OpenLens!
Thanks
Thanks a ton Tal.
I don't exactly agree on the idea that you can't define application as a Helm chart, because you can put as many manifests as you want inside a single chart, and it already provides an abstraction for the users in the form of input values.
I probably did not express myself well. You can definitely define kiss resource that constitute an app (or anything else) as a helm chart. What I wanted to say is that I prefer kustomize for internal apps.
@@DevOpsToolkit To clarify: this was in reference to idea that Crossplane or Kubevela is required to manage apps.
I would not say that those are required but that defining apps as CRs might be the next step forward. If it is, than Crossplane and KubeVela are a potentially helpful tools to create the Cards and controllers (operators) required for CRs to do what they need to do. A good example would be KNative. I am suggesting that something similar to it can be done with our own company-specific definitions.
Hey @DevOps Toolkit, can I use Cert Manager to create certificate for my intranet sites? (That should be trusted by browsers too).
As of now, the sit has a self signed cert (Fake certificate from K8s), which the user have to click and bypass the browser's warning.
Yes, you can. Among others, you can use Cert Manager with the Let's Encrypt issuer for that.
CertManager can operate as a CA based on its own self-signed cert, then hand out certs signed by itself. You would then install the public key to browsers so that they trust any cert made by that CA.
Alternatively, if you can, you can get a wild-card cert from LetsEncrypt for a domain you control, then use that. Your internal services would be registered against that name, even though they are only accessible internally (nothing stops you from setting a .com address to point at 192.168.1.1, for example).
I just realized that you asked about intranet and not internet sites. In that case, the saynay answer is the correct one.
@@saynay302 Thank you, I'll try it out.
May I ask you why don't you use Helm for your own applications? what do you use instead?
I prefer Kustomize over Helm for my own apps. It's more elegant and, generally speaking, I prefer overlaying (Kustomize) over templating (Helm). Also, it's part of `kubectl`.
You might want to check czcams.com/video/ZMFYSm0ldQ0/video.html.
Genuinely, Can someone explain to me why you would use crossplane? I guess i dont understand why you use it over terraform + helm charts. Is it like making custom operators or something? It looks cool and id like to integrate but i just dont know what problem it solves, and i want to because i feel like theres something gold there
Crossplane is built on top of Kubernetes with all the good things that brings to the table. Terraform does not have an API, continuous drift-detection and reconciliation, and many other things that are inherent part of Kubernetes and, therefore Crossplane. Then there is state management in Terraform that is challenging, to say the least. Further on, by being Kubernetes-native, it integrates with any other Kubernetes-native tool like Argo CD, Flux, Kyverno, Prometheus, Loki, etc. Further on, Crossplane has a concept of Compositions which is a way to create your own CRDs and controllers that define what something is by extending Kube API.
To put it in other words... The same reasons why one would use Kubernetes to manage applications instead of doing the operations with a CLI are just as valid as reasons to use Kubernetes to manage any other type of resources.
So, the question is whether Kubernetes is a good way to manage resources. The answer might be that it isn't. But, if it is, it should not matter what those resources are, be it containers, VMs, WASM, EC2 instances, DBs, clusters, or anything else. The benefits or downsides (depending on how you look at it) are the same no matter what those resources are.
Now, if we do settle that Kubernetes and the ecosystem around it is a good thing, than we need to look for tools designed to leverage it (to be designed on its principles). When it comes to infrastructure and services, Crossplane is one of a few. Depending on what you need, you might opt for Cluster API, or KubeVirt, or something other than Crossplane, as long as that something follow the Kubernetes principles. Terraform, unfortunately, doesn't. It was designed long before Kubernetes was born. Many tried to put it inside Kubernetes, and no one succeeded simply because it's design is at ods with it.
Please make videos of prometheus and loki.. Metrics in general
Will do. Adding it to my TODO list... :)
@@DevOpsToolkit thanks boss! Love your videos
Great video! Just out of curiosity, why Rancher Desktop and not KinD?
KinD runs Kubernetes in a container which is great is you're using Docker. However, Rancher Desktop is standalone and is a full replacement for both Docker and Kubernetes. It's free, it's based on k3s (which I think is the best choice for local k8s), etc. Take a look at czcams.com/video/evWPib0iNgY/video.html.
Hello there
any videos about karmada
Not yet. It is on my to-do list but I cannot yet say when I'll get to it. The list is growing much faster than i can handle. What i can say is thst, apart from having a dedicated video, it will be featured in czcams.com/play/PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.html since it is a CNCF project.
What must have tool for Chaos ?
That would be an interesting subject for an upcoming video.
Until then, and assuming that it's about chaos through Kubernetes, I'd say that the two essential tools are a service mesh and a chaos engine. Service mesh should probably be whichever you use for other things (e.g., Istio, LinkerD, etc.). As for chaos itself, it can be Chaos Mesh, Chaos Toolkit, Litmus, etc. All of those are relatively young and tend to change very fast and, with those changes, the recommendations are changing fast as well.
In any case... I'll add that to my TODO list... :)
How come skaffold is not mentioned anywhere?
I did not put it only because of the self-imposed limitation to 10 tools. I don't think that Skaffold or another similar type of tool should take the place of any of those I included in the video. If it would be "top 20", Skaffold would probably be in it.
Where is Istio ?
There are quite a few others that should be included but were not. I limited it to 10 to avoid going into the rabbit hole of everything anyone might need when working with Kubernetes.
Well, kubectl is good if you dont care about cost and IT dont touch your stuffs
There are many things wrong with kubectl, but I'm not sure how does that relate to cost? I'm curious to know more about what you mean.
@@DevOpsToolkit thanks for you sharing about the kubectl. The idea of the kubectl is kick IT out of the process and reducing the effort on IT job. But in reality we still get control from IT so we have to pay for IT and also the cloud. When it come to company policy update or security update, It request these back to us to do their job because we are sub owner. To me that make kubectl idea is worsting idea ever
@@Dai-corporation kubectl is just a CLI that sends requests to KubeAPI. It's a helper tool and nothing more. We could do all the same actions by sending `curl` requests to KubeAPI. As such, I am not sure I understand how could kubectl "kick IT out of the process". As for reducing the effort... Aren't we all trying to reduce the effort? Isn't that the whole point?
@@DevOpsToolkit i dont think that we are on the same page. I am talking about the idea and purpose of using kubectl.
Kubectl is just a short way that I call the kubernestes :d. Sorry if that make you confuse.
Thanks!
Thanks a ton @touchthesun
Thanks
Thanks a ton!