DEV Community

Cover image for Kubediff: A Kubernetes Resource Diff Tool
Farhan
Farhan

Posted on

Kubediff: A Kubernetes Resource Diff Tool

kubediff is a Kubernetes resource diff watcher, with the ability to send event notifications.

Usage

$ kubediff --config=/path/to/config

kubediff: A resource diff watcher for Kubernetes

kubediff is a Kubernetes resource diff watcher with the ability to configure event notifications
to webhook/Slack. It watches the cluster for any resource change (including custom CRDs) and logs them. You can also run it in normal mode, and can export the logs to your preferred logging stack.

Usage:
  kubediff --config=/path/to/config

Flags:
  --config   configuration folder for kubediff

Enter fullscreen mode Exit fullscreen mode

asciicast

Options

You can create a watch on a single namespace, or multiple namespaces. If you want update on all the events, you can simply run kubediff in watch mode and it will update you for all the events when an object is Created/Deleted/Updated.


# Mode (watch/diff). Watch mode logs all events (Create/Update/Delete). Diff mode logs only object diff on update,
mode: watch 

# Name of the resource. Resource name must be in group/version/resource (G/V/R) format
# resource name should be plural (e.g apps/v1/deployments, v1/pods)
resources:
  - kind: v1/pods
  - kind: v1/services
  - kind: apps/v1/deployments
  - kind: apps/v1/statefulsets
  - kind: networking.k8s.io/v1beta1/ingresses
  - kind: v1/nodes
  - kind: v1/namespaces
  - kind: v1/persistentvolumes
  - kind: v1/persistentvolumeclaims
  - kind: v1/configmaps
  - kind: apps/v1/daemonsets
  - kind: batch/v1/jobs
  - kind: rbac.authorization.k8s.io/v1/roles
  - kind: rbac.authorization.k8s.io/v1/rolebindings
  - kind: rbac.authorization.k8s.io/v1/clusterrolebindings
  - kind: rbac.authorization.k8s.io/v1/clusterroles

# add multiple namespaces which you'd like to watch. Use `all` to watch all namespaces.
namespaces:
  - kube-system
  - default
Enter fullscreen mode Exit fullscreen mode

Install

Using helm:

When you have helm installed in your cluster, use the following setup:

helm repo add arriqaaq https://arriqaaq.github.io/charts
helm repo update
helm install --create-namespace --namespace kubediff kubediff arriqaaq/kubediff
Enter fullscreen mode Exit fullscreen mode

You can also install this chart locally by cloning this repo:

helm install --create-namespace --namespace kubediff kubediff helm/kubediff
Enter fullscreen mode Exit fullscreen mode

Using kubectl:

In order to run kubediff in a kind cluster quickly, just run

$ kubectl apply -f hack/deploy.yaml
Enter fullscreen mode Exit fullscreen mode

Configuration:

You can also provide a custom config file:

resources:
  - kind: v1/pods             # Name of the resource. Resource name must be in group/version/resource (G/V/R) format
                              # resource name should be plural (e.g apps/v1/deployments, v1/pods)
  - kind: v1/services
  - kind: apps/v1/deployments
  - kind: apps/v1/statefulsets
  - kind: networking.k8s.io/v1beta1/ingresses
  - kind: v1/nodes
  - kind: v1/namespaces
  - kind: v1/persistentvolumes
  - kind: v1/persistentvolumeclaims
  - kind: v1/configmaps
  - kind: apps/v1/daemonsets
  - kind: batch/v1/jobs
  - kind: rbac.authorization.k8s.io/v1/roles
  - kind: rbac.authorization.k8s.io/v1/rolebindings
  - kind: rbac.authorization.k8s.io/v1/clusterrolebindings
  - kind: rbac.authorization.k8s.io/v1/clusterroles

namespaces:
  - all
Enter fullscreen mode Exit fullscreen mode

Using Go:

# Download and install kubediff
$ go get -u github.com/arriqaaq/kubediff

# Add resources to be watched
kubediff --config=./test/

Enter fullscreen mode Exit fullscreen mode

Resources

Read more on how it is implemented here.

https://github.com/arriqaaq/kubediff

Discussion (2)

Collapse
mhalano profile image
Marcos Alano

What is the relation with kubediff by Waveworks (github.com/weaveworks/kubediff)?

Collapse
arriqaaq profile image
Farhan Author

This uses the controller runtime informers to watch for resources, I guess kubediff by weavework is limited in what it can watch