Making kubectl plugins mainstream

Transcript

1. @ahmetb making kubectl plugins mainstream ahmet alp balkan (@ahmetb) google

   cloud

2. @ahmetb @ahmetb on {twitter, github} ➔ ported docker.exe, docker maintainer

   ~2015 ➔ started Azure Container Registry ~2016 ➔ developer advocate @ Google ~2017 working on Google Cloud Run, Knative, dev tools ➔ kubectx & kubens & kubectl-aliases ➔ Google’s microservices-demo ➔ kubectl plugin manager krew.dev about me 2

3. @ahmetb agenda 1. kubectl plugins 101 2. krew (plugin manager)

   overview 3. why did we need plugins? 4. let's develop a plugin 5. plugin runtime 6. why develop a plugin? 7. how to distribute your plugins 8. best practices for writing plugins user developer 3

4. @ahmetb USING PLUGINS 4

5. @ahmetb kubectl plugins circa v1.12 an extension mechanism that lets

   you write your own kubectl subcommands. 5

6. @ahmetb kubectl plugin mechanism in a nutshell 1. write an

   executable program 2. name it kubectl-something 3. put it in your $PATH 4. invoke as "kubectl something" 6

7. @ahmetb where do I find plugins? - github? - some

   list? - package manager? 7

8. @ahmetb Krew the missing plugin manager for kubectl Kubernetes SIG

   CLI sub-project https://krew.dev (sigs.k8s.io/krew) 8

9. @ahmetb What is Krew? - Functionality - discover plugins -

   install plugins - update plugins - remove plugins - Started in 2018 as an intern project at Google Cloud. - Donated to Kubernetes project in May 2019. - Not an actual package manager - Doesn't handle dependencies. 9

10. @ahmetb kubectl plugins on Krew KubeCon 2018 Seattle Today KubeCon

    2019 EU 10

11. @ahmetb kubectl plugins on Krew KubeCon 2018 Seattle Today KubeCon

    2019 EU 11

12. @ahmetb demo: let's try krew 12

13. @ahmetb why did we need kubectl plugins? 13

14. @ahmetb 1. people want to add new sub-commands to kubectl

    14

15. @ahmetb 15

16. @ahmetb 2. everybody has opinions 16

17. @ahmetb 17

18. @ahmetb 3. reaching consensus in open source is not trivial

    18

19. @ahmetb 19

20. @ahmetb 20

21. @ahmetb 4. we cannot solve everything in the kubernetes core

    21

22. @ahmetb Storage plugins Network plugins Custom controllers Scheduler extension/ custom

    scheduler Custom resources (CRD) API Access Extensions (Admission webhooks, authentication webhook, authz/RBAC webhooks) kubernetes.io/docs/concepts/extend-kubernetes/extend-cluster Kubectl Plugins 22

23. @ahmetb 5. kubernetes core moves slower 23

24. @ahmetb official command plugin KEP + approval no approvals usefulness

    and stability no restrictions hosted in kubectl codebase (Go only) any language tied to Kubernetes release cycle release at your own pace has to be consistent with kubectl has room for creativity takes O(months)..O(years) from alpha→beta→stable develop & distribute in O(hours) 24

25. @ahmetb 6. people are creative 25

26. @ahmetb 26

27. @ahmetb ...even GUI-based plugins 27

28. @ahmetb 7. allow safe experimentation 28

29. @ahmetb ➔ deprecating a kubectl command is painful. ➔ let

    people experiment, graduate successful ones. experimentation 29

30. @ahmetb DEVELOPING PLUGINS 30

31. @ahmetb kubectl plugin mechanism in a nutshell 1. write an

    executable program 2. name it kubectl-something 3. put it in your $PATH 4. invoke as "kubectl something" 31

32. @ahmetb demo: let's develop a plugin! git.k8s.io/sample-cli-plugin 32

33. @ahmetb "kubectl a b c" → is "a" builtin command?

    → kubectl-a-b-c ? → kubectl-a-b ? → kubectl-a ? plugin lookup 33

34. @ahmetb plugin execution runtime 1. look for the plugin executable

    in PATH 2. execve() syscall replace kubectl with the plugin process ◆ inherit environment variables ◆ inherit standard streams ◆ determine exitcode of kubectl invocation 34

35. @ahmetb why develop a kubectl plugin? 35

36. @ahmetb your tool has a weird name and it's not

    very memorable rakkess kubectl access-matrix ketall kubectl get-all ksort kubectl sort-manifests kail kubectl tail feels more natural 36

37. @ahmetb kubectl is missing a feature 37

38. @ahmetb kubectl is missing a feature 38

39. @ahmetb kubectl is missing a feature 39

40. @ahmetb address shortcomings of kubectl kubectl get all: lies to

    you plugin: tells you the truth 40

41. @ahmetb enhances existing kubectl command builtin: query one resource at

    a time plugin: shows a matrix of all capabilities 41

42. @ahmetb enhances existing kubectl command plugin: queries for all subjects

    in the cluster builtin: query one user at a time 42

43. @ahmetb so you have a plugin, now what? ➔ packaging

    ➔ distribution ➔ release 43

44. @ahmetb plugin developer problems • How can people hear about

    my plugin? • How can I package my plugin for others to install? • How can I deliver updates? If you're a kubectl plugin developer, Krew solves these problems. 44

45. @ahmetb packaging/distribution user plugin 45

46. @ahmetb packaging/distribution macOS windows linux Chocolatey Homebrew MacPorts apt yum/dnf

    pacman apk ... user plugin 46

47. @ahmetb Krew to rescue! user plugin Krew 47

48. @ahmetb Without krew https://github.com/guessi/kubectl-grep how to update? how to uninstall?

    48

49. @ahmetb ...users to: • install plugins • keep them up

    to date • remove plugins cleanly ...developers to: • make their plugins discoverable by users • package their plugins for multiple platforms • deliver updates Krew helps... 49

50. @ahmetb Krew currently operates with a centralized package index. sigs.k8s.io/krew-index

    centralized discovery 50

51. @ahmetb packaging & distributing with Krew 1. make your plugin

    available as a .tar.gz or .zip archive 2. write a plugin manifest 3. submit a pull request to krew-index 4. party! 51

52. @ahmetb plugin manifest apiVersion: krew.googlecontainertools.github.com/v1alpha2 kind: Plugin metadata: name: "access-matrix"

    spec: version: "v0.4.0" homepage: "https://github.com/corneliusweig/rakkess" platforms: - <PLATFORM1> - <PLATFORM2> - <PLATFORM3> - ... 52

53. @ahmetb ... # continued spec: platforms: - selector: matchLabels: os:

    linux arch: amd64 uri: https://github.com/corneliusweig/rakkess/releases/v0.4.0/bundle.tar.gz sha256: 7a16c61dfc4e2924fdedc894d59db7820bc4643a58d9a853c4eb83eadd4deee8 files: - from: ./rakkess_linux-amd64 to: ./rakkess - from: ./LICENSE to: "." bin: ./rakkess plugin manifest - platform 53

54. @ahmetb recipes for success 1. name your plugin for clarity

    (see Krew Naming Guide) 2. reuse flags/options and KUBECONFIG detection from k8s.io/cli-runtime/pkg/genericclioptions 3. import auth plugins for cloud clusters import _ "k8s.io/client-go/plugin/pkg/client/auth" 54

55. @ahmetb wrap up 55

56. @ahmetb Join us make kubectl plugins better! • Become a

    kubectl plugin developer, submit your plugins to Krew.dev. • Join developing the Krew project. ◦ you don’t need to be a Kubernetes expert ◦ clean and young codebase ◦ low bug count, high creativity • Bring your ideas to Kubernetes SIG CLI. 56

57. @ahmetb thanks! sigs.k8s.io/krew git.k8s.io/sample-cli-plugin twitter.com/ahmetb github.com/ahmetb 57