Deploying and running a production grade Kubernetes cluster is a daunting task. After all, a Kubernetes cluster is a complex system composed of numerous subsystems that require an expansive set of expertise to ensure proper configuration and operation. The Sonobuoy project is an open source tool designed to provide visibility into a cluster by running diagnostics that capture cluster states to produce informative and comprehensive reports.
The Cloud Native Computing Foundation (CNCF) runs the Certified Kubernetes Conformance Program. The program enables cluster operators to confidently port workloads from one vendor’s installation to another. This provides the ability to choose vendors without worrying about API interoperability.
The CNCF program enables vendors to certify their platforms by using project Sonobuoy to automate the execution of a series of steps that perform a battery of conformance tests on a target cluster. Sonobuoy downloads the appropriate Kuberetes conformance test image, runs the tests and generates a report that can be sent to the CNCF for validation.
Also, because Sonobuoy makes it easy, cluster administrators routinely integrate Sonobuoy in their workflow and automate cluster verification. For instance, Sonobuoy is the perfect solution to verify that the components of a newly deployed production cluster are operating as expected. Or, as many in the community have done, Sonbouy can also be integrated in your CI/CD pipeline to automate cluster verification by periodically running conformance tests.
A pluggable architecture
The Sonobuoy project now supports a pluggable architecture, allowing it to become an expandable platform capable of handling a variety of diagnostics and cluster mitigation needs. Using its plugins, cluster administrators are able to create custom diagnostic solutions to meet specific needs such as cluster security, resource availability, network connectivity and so on.
Besides the end-to-end conformance plugin, the Sonobuoy project offers several other plugins including:
- CIS Benchmark – runs Kube-bench CIS security benchmarks
- Kube Hunter – runs kube-hunter to surface security issues
- Whocan – produces report for RBAC permissions
- Cluster Inventory – produces inventory of cluster resources
- Reliability Scanner – produces report for cluster reliability and readiness assessments
- CNI testing – tests network connectivity among connected components
Many of the plugins started out as conversations and ideas on our Kubernetes Slack community. We will continue to see new plugins being developed by the Sonobuoy team or others in the community at large.
The roadmap for Sonobuoy continues to evolve to take the project to new directions. As the project matures, the Sonobuoy team hopes to continue to modernize the codebase and add new features with the help of the community. Here’s what’s on our TODO list:
As Kubernetes continues to gain momentum on the Windows platform, so does the need to run proper conformance on clusters hosted on Windows machines. The Sonobuoy team is working closely with Kubernetes SIG-Testing to ensure compliance tests can run on Windows clusters. Part of the effort to support Windows, also includes work to ensure that Sonobuoy plugins are capable of running on clusters hosted in Windows environment.
Better plugin management
One area where the team will focus its attention is the improvement of the user experience when using Sonobuoy command-line manage plugins. As the number of plugins continues to increase, the team will be exploring ideas to enhance the Sonobuoy binary to allow local management of plugin manifests for a smoother user experience.
Wait, there’s more!
The Community has more ideas and features in mind—just not enough time to chase them all. Here’s a short list of some additional ideas on the horizon:
- More plugins – plugins to test and diagnose storage conformance
- A user interface – provide users with a GUI to visualize Sonobuoy results
- Cluster-API – add inherent support for Cluster-API managed clusters and objects
- Sonobuoy automation – ability to run Crashd scripts to automate tests and diagnostics
If you are interested in participating in project Sonobuoy, there are several ways you can get involved: