Complete Guide to K8sGPT | Simplify Kubernetes Troubleshooting with AI

00:48:16
https://www.youtube.com/watch?v=eKsWS7OM5oY

Summary

TLDRThe video covers the recent surge in AI adoption across industries, emphasizing tools like ChatGPT, and discusses the integration of AI with Kubernetes to enhance productivity and simplify complex Kubernetes environments. The host introduces K8s GPT, a powerful tool designed to facilitate Kubernetes cluster management, debugging, and troubleshooting using AI capabilities. The video provides a comprehensive guide on installing K8s GPT using tools like Helm, setting up necessary configurations, and leveraging the CLI for effective analysis of errors within Kubernetes clusters. Viewers are walked through steps to authenticate K8s GPT with AI backends, utilize commands to pinpoint and explain errors, and maximize the tool's potential with features like anonymization to protect sensitive data. The video also touches upon the integration of K8s GPT with other tools in the cloud-native ecosystem, such as Trivy and Kverno, while illustrating how continuous scanning through the K8s GPT operator can significantly improve cluster management. Emphasis is placed on the community-driven development of K8s GPT and the potential it holds for the future of comprehensive Kubernetes management.

Takeaways

  • πŸ“ˆ AI adoption has risen by 60% in recent years.
  • πŸ€– AI can significantly improve Kubernetes management.
  • πŸ› οΈ K8s GPT helps in debugging and troubleshooting Kubernetes.
  • πŸ’» Helm is needed for installing K8s GPT.
  • πŸ” Anonymize flag in K8s GPT protects sensitive data.
  • πŸ”„ K8s GPT integrates with tools like Trivy and Kverno.
  • 🧩 Filters in K8s GPT help in targeted resource scanning.
  • 🌐 K8s GPT can be authenticated with multiple AI backends.
  • πŸ” K8s GPT operator allows continuous scanning.
  • πŸš€ K8s GPT highlights AI's role in complex IT environments.

Timeline

  • 00:00:00 - 00:05:00

    The video begins by discussing the significant growth in AI adoption across industries, emphasizing how tools like ChatGPT are enhancing productivity and streamlining processes. AI's impact leads to questions about integrating AI with Kubernetes, a widely used container orchestration platform. The speaker proposes using AI to manage Kubernetes environments more efficiently by automating tasks and diagnosing problems.

  • 00:05:00 - 00:10:00

    The video introduces 'Kubes GPT,' a tool that applies AI to simplify troubleshooting and debugging Kubernetes clusters. The speaker intends to demonstrate its capabilities, starting with the prerequisites for using the tool, such as having a Kubernetes cluster and Helm installed. The video promises an exploration of how this tool can enhance Kubernetes management.

  • 00:10:00 - 00:15:00

    The speaker guides through installing Kubes GPT, detailing two installation methods: CLI and operator. The setup requires configuring an AI backend for Kubes GPT to facilitate AI processing. The video covers using different AI backends and highlights integration flexibility with local tools like 'AMA,' which allows running models without API fees.

  • 00:15:00 - 00:20:00

    The video dives into the initial setup of Kubes GPT, focusing on authenticating the tool to an AI backend. The speaker demonstrates using the CLI to authenticate Kubes GPT with AMA, a free AI model platform, explaining different options for backend integration and setting the stage for leveraging AI in Kubernetes error analysis.

  • 00:20:00 - 00:25:00

    The demonstration progresses by creating an error in a Kubernetes pod. The speaker uses Kubes GPT to identify and explain the error, comparing it with results from traditional Kubernetes commands, and shows how Kubes GPT suggests solutions. This illustrates the tool's potential to simplify error diagnosis and provide actionable solutions.

  • 00:25:00 - 00:30:00

    A further example is given where a service configuration error is analyzed using Kubes GPT, demonstrating the tool's ability to identify non-obvious errors by automating analysis processes. The example showcases the tool's utility in simplifying Kubernetes management for users of varying expertise levels by providing direct solutions.

  • 00:30:00 - 00:35:00

    The speaker explains how to refine error analysis using Kubes GPT by applying filters to narrow down the scope of searches to specific resources. This feature helps in managing large Kubernetes environments by focusing analyses on particular namespaces or resource types, thereby reducing the noise from irrelevant error messages.

  • 00:35:00 - 00:40:00

    Integrations with other tools, such as Trivy for vulnerability scanning and Kubes GPT's ability to analyze configuration security, expand its utility. The speaker demonstrates activating integrations and using them to enhance cluster security, providing insights into how Kubes GPT fits into a broader ecosystem of Kubernetes management tools.

  • 00:40:00 - 00:48:16

    Finally, the video covers advanced usage of Kubes GPT through the operator, which enables continuous monitoring and analysis. This automated approach contrasts with manual CLI usage, facilitating proactive Kubernetes management. The video also highlights community and development aspects, encouraging contributions to the tool's growth.

Show more

Mind Map

Video Q&A

  • What is the focus of the video?

    The focus is on the integration of AI, particularly K8s GPT, with Kubernetes for better debugging and troubleshooting.

  • Who is the host of the video?

    The host's name is Kunal.

  • Why is AI integration suggested for Kubernetes?

    AI can improve management efficiency, automate tasks, and streamline decision-making in Kubernetes environments.

  • What tool is introduced for Kubernetes troubleshooting?

    The tool introduced is K8s GPT.

  • What prerequisites are needed to install K8s GPT?

    You need a Kubernetes cluster and Helm pre-installed.

  • What purpose does the 'analyze' command serve in K8s GPT?

    It identifies errors in a Kubernetes cluster and provides potential explanations and solutions.

  • How does K8s GPT ensure data privacy?

    It uses an 'anonymize' flag to mask sensitive information before processing.

  • What advanced features does K8s GPT offer?

    K8s GPT offers integrations with tools like Trivy and Kverno, and supports multiple AI backends.

  • What development stage is the K8s GPT Kverno integration at?

    The Kverno integration is at an early stage, and users might encounter issues.

  • Where can you find more resources or documentation for K8s GPT?

    Resources and documentation are available on its official website and linked documentation.

View more video summaries

Get instant access to free YouTube video summaries powered by AI!
Subtitles
en
Auto Scroll:
  • 00:00:00
    all right I think we all agree that in
  • 00:00:02
    these recent years AI has taken the
  • 00:00:04
    World by strong right I mean tools like
  • 00:00:06
    chat gbt and different products by open
  • 00:00:09
    AI are being used in different
  • 00:00:11
    Industries right and they are actually
  • 00:00:13
    making our work very easier providing us
  • 00:00:15
    insights they're making the entire work
  • 00:00:17
    process a lot more faster therefore
  • 00:00:19
    boosting our productivity as well now
  • 00:00:21
    according to the state of the AI report
  • 00:00:22
    by McKenzie AI adoption has increased
  • 00:00:25
    around 60% in the last year alone I mean
  • 00:00:28
    that's a huge number right and
  • 00:00:29
    businesses are continuously using AI to
  • 00:00:32
    improve their processes and stay ahead
  • 00:00:34
    in terms of innovation now this
  • 00:00:36
    particular Point really got me thinking
  • 00:00:38
    because AI has this kind of significance
  • 00:00:40
    and this impact in all of these
  • 00:00:42
    industries why don't we use AI with
  • 00:00:44
    cuberes cuberes is one of the most
  • 00:00:47
    widely adopted open source container
  • 00:00:49
    orchestration platform out there if you
  • 00:00:50
    don't know about cues I mean if you've
  • 00:00:52
    been following the channel for a while
  • 00:00:54
    you would definitely know what cuberes
  • 00:00:55
    is but if you don't there's an entire
  • 00:00:57
    workshop on cuberes 101 that teaches you
  • 00:01:00
    the basic two advanced concepts about
  • 00:01:02
    cuties you can check out the description
  • 00:01:04
    box down below for its link the point is
  • 00:01:06
    that Cuties is one of the largest open
  • 00:01:08
    source projects out there but we all
  • 00:01:10
    agree that when City's environments grow
  • 00:01:12
    larger it really becomes a challenge
  • 00:01:14
    when it comes to debugging and troubl
  • 00:01:16
    shooting any issues overall it becomes
  • 00:01:18
    really difficult to manage so I think AI
  • 00:01:20
    can make a big difference here right by
  • 00:01:22
    adding AI to a normal communities
  • 00:01:24
    workflow we can make the management
  • 00:01:26
    process much faster and much efficient
  • 00:01:29
    AI can help us as quickly diagnose and
  • 00:01:31
    resolve any issues that we have it can
  • 00:01:33
    automate any routine tasks that we have
  • 00:01:35
    in our C environment and overall can
  • 00:01:37
    improve the decision- making process of
  • 00:01:39
    different companies right now we have
  • 00:01:41
    already seen in the cloud native
  • 00:01:43
    ecosystem that a lot of products have
  • 00:01:45
    started adopting AI in some of the other
  • 00:01:47
    way but there is one tool out there
  • 00:01:49
    which was released very recently and I
  • 00:01:52
    believe that this particular tool brings
  • 00:01:53
    the capabilities of AI to the next level
  • 00:01:56
    hey everyone my name is konal and in
  • 00:01:58
    this particular video we are going to
  • 00:01:59
    learn about Cage's GPT which is a really
  • 00:02:02
    powerful tool that brings the
  • 00:02:04
    capabilities of AI to Cub
  • 00:02:06
    troubleshooting and debugging and makes
  • 00:02:08
    it really easy for you to solve any
  • 00:02:10
    problems in your cuties cluster if this
  • 00:02:12
    sounds interesting to you hit that like
  • 00:02:14
    button and let's get
  • 00:02:15
    [Music]
  • 00:02:19
    started now before we move ahead and
  • 00:02:22
    install KS GPD onto our system there are
  • 00:02:24
    a few things that you need to configure
  • 00:02:25
    number one is you need to have a
  • 00:02:27
    communties cluster up and running so I
  • 00:02:29
    already have G ahead and created one
  • 00:02:30
    using mini Cube so if I write K get
  • 00:02:33
    nodes I have a single node cuties
  • 00:02:34
    cluster running you can use any of the
  • 00:02:36
    cuties distributions out there kind k3d
  • 00:02:39
    k3s or any other of your choice but you
  • 00:02:41
    need one cuties cluster the next thing
  • 00:02:43
    we will need is Helm so we'll actually
  • 00:02:45
    be installing a few Helm charts while we
  • 00:02:47
    go through this particular tutorial so
  • 00:02:49
    you would definitely need Helm
  • 00:02:50
    pre-installed you can go ahead to the
  • 00:02:52
    Helm's website and you can go ahead and
  • 00:02:55
    install Helm from their documentation so
  • 00:02:57
    once we have these two configured and
  • 00:02:59
    installed right let us install kgpt now
  • 00:03:02
    so let's head over to the documentation
  • 00:03:04
    which is dos. kgp. I'll put the link in
  • 00:03:07
    the description box down below so you
  • 00:03:08
    all can check it out but the important
  • 00:03:10
    thing to understand here is that there
  • 00:03:12
    are two ways in which you can install K
  • 00:03:14
    CPD and use it with your cuberes cluster
  • 00:03:16
    number one is using the CLI right and
  • 00:03:19
    that is the most simplest and the most
  • 00:03:21
    basic way you can use KCPD the next is
  • 00:03:23
    using the KCPD operator which we'll
  • 00:03:25
    install in our Q cluster and it will
  • 00:03:28
    constantly keep monitoring our ERS for
  • 00:03:30
    any changes right now as for the
  • 00:03:31
    operator how to install it how to use it
  • 00:03:33
    we have a completely different section
  • 00:03:35
    for that but let's start with the most
  • 00:03:37
    basic which is the CLI right so to
  • 00:03:39
    install the CLI you can go ahead and
  • 00:03:41
    check out the installation guide if you
  • 00:03:43
    have a Mac you can install using Brew
  • 00:03:45
    I've already gone ahead and done that so
  • 00:03:46
    if I write K CP version so you can see I
  • 00:03:49
    have the latest
  • 00:03:51
    0.3.0 which is latest as I'm recording
  • 00:03:54
    this particular video and if you do K
  • 00:03:57
    GPD you can see that these are all the
  • 00:04:00
    bunch of commands that are available to
  • 00:04:01
    us we'll actually be exploring quite a
  • 00:04:03
    bunch of these commands today so it's
  • 00:04:04
    going to be an exciting
  • 00:04:06
    ride all right so I hope we have already
  • 00:04:08
    gone ahead and installed kgpt onto your
  • 00:04:10
    system the next thing we would want to
  • 00:04:12
    do is authenticate kgpt to an AI backend
  • 00:04:15
    okay so if we head over to the reference
  • 00:04:17
    I'll show you what I mean head over to
  • 00:04:19
    the providers so in simple terms a
  • 00:04:21
    backend or a provider is a way for KS
  • 00:04:23
    GPT to talk to the large language model
  • 00:04:25
    or the AI model that we'll be using
  • 00:04:28
    right so we need to authenticate and
  • 00:04:30
    choose one of the models that we want to
  • 00:04:31
    use right now as of recording this video
  • 00:04:34
    kpt supports 11 back ends right so we
  • 00:04:36
    have all the famous ones like open AI we
  • 00:04:39
    have Azure open a we have Amazon Google
  • 00:04:42
    J is also there you can go ahead and use
  • 00:04:44
    the open AI provider for that you would
  • 00:04:47
    need the openai API key right but let us
  • 00:04:49
    say you are just testing right like me
  • 00:04:51
    so you don't want to spend money on any
  • 00:04:53
    API keys so we'll use AMA to keep things
  • 00:04:56
    simple now if you don't know about ama
  • 00:04:58
    ama is basically a tool that can help
  • 00:05:00
    you to run these large language models
  • 00:05:02
    on your local system free of cost right
  • 00:05:05
    so if you just see the list of models
  • 00:05:07
    that are supported so you can see these
  • 00:05:10
    are the list of all the models that you
  • 00:05:11
    can run using AMA so we have the very
  • 00:05:14
    latest llama 3.1 at the time of
  • 00:05:17
    recording this particular video you can
  • 00:05:18
    say it was updated 7 days ago we have
  • 00:05:20
    all these particular models that we can
  • 00:05:22
    use all of them are open source large
  • 00:05:24
    language models you can use any of them
  • 00:05:26
    right now cool so all in all is a pretty
  • 00:05:30
    great way for you to run large language
  • 00:05:32
    models if you don't want to spend any
  • 00:05:34
    money so that's what we are going to use
  • 00:05:35
    kcpt with right now so you can go ahead
  • 00:05:38
    and download AMA for a particular
  • 00:05:40
    operating system there are a bunch of
  • 00:05:41
    different options for Linux Mac and
  • 00:05:43
    windows I've already gone ahead and done
  • 00:05:45
    that so if I write AMA so you can see
  • 00:05:47
    the AMA CLI is already up and
  • 00:05:53
    running okay once you have installed AMA
  • 00:05:56
    right let us see how we can authenticate
  • 00:05:57
    kgpt with the AI back end right for that
  • 00:06:00
    we have a command called as KPD o let us
  • 00:06:03
    write this so KPD or is provides the
  • 00:06:06
    necessary credentials to authenticate
  • 00:06:08
    with the chosen back end now there are
  • 00:06:09
    actually a bunch of options we can use
  • 00:06:11
    here so if I write kgbt Au list this
  • 00:06:14
    actually gives a list of all the
  • 00:06:16
    supported AI backends right so you can
  • 00:06:18
    see that we have a lot of them right
  • 00:06:20
    here and the default one is open Ai and
  • 00:06:23
    we also have Ama one of them listed here
  • 00:06:25
    so we want to use AMA so let us
  • 00:06:26
    authenticate kgpt with AMA for that
  • 00:06:28
    we'll use K CPT
  • 00:06:31
    Au add and you can see it has already
  • 00:06:34
    given us the command so I'll
  • 00:06:35
    autocomplete it let me just walk you
  • 00:06:37
    through it quickly the number one flag
  • 00:06:39
    we are providing is the back end we are
  • 00:06:41
    selecting the back ends from the list of
  • 00:06:43
    back ends that I just showed you we want
  • 00:06:45
    AMA the particular model that we want to
  • 00:06:47
    use right now we want to use Lama 3
  • 00:06:49
    which is second to the latest one right
  • 00:06:51
    now the latest one is Lama 3.1 we can
  • 00:06:53
    use that as well but let's just stick to
  • 00:06:55
    Lama 3 right now and this is the base
  • 00:06:57
    URL right so the base UR L is basically
  • 00:07:00
    the API endpoint where your large
  • 00:07:03
    language model is running now this
  • 00:07:04
    basically depends on the AI provider
  • 00:07:06
    that you're using on some of the AI
  • 00:07:08
    providers that are listed out here you
  • 00:07:10
    wouldn't need to use this base URL now
  • 00:07:12
    why we are using this base URL is
  • 00:07:14
    because we are running this locally so
  • 00:07:16
    this is basically at Local Host if
  • 00:07:18
    you're using a provider such as Google
  • 00:07:19
    gmany or openai you would not need to
  • 00:07:22
    provide this you would just need to
  • 00:07:23
    provide the authentication key that is
  • 00:07:25
    the API key right but right now as we
  • 00:07:27
    are running this locally we would need
  • 00:07:29
    to provide it as the base URL that's how
  • 00:07:31
    kgbt will be able to contact the AMA API
  • 00:07:35
    so let us hit enter it will say AMA is
  • 00:07:38
    added to the AI backend now if you just
  • 00:07:40
    do kgpt o list you would see that ama is
  • 00:07:45
    an active AI provider right now so now
  • 00:07:47
    whenever we use KCPD right to analyze
  • 00:07:49
    our cuties cluster in the back end it's
  • 00:07:51
    using the Lama 3 model and how is it
  • 00:07:53
    doing it it's using AMA as the backend
  • 00:07:55
    provider there's one last thing that is
  • 00:07:57
    left to do which is starting the AMA
  • 00:07:59
    server that is also important right so
  • 00:08:02
    we just have to write AMA serve and this
  • 00:08:05
    will basically start the local server of
  • 00:08:07
    olama and you can see that it's
  • 00:08:09
    listening on Local Host and the port
  • 00:08:12
    number which we have actually configured
  • 00:08:14
    in kcpt right so on this particular
  • 00:08:17
    terminal you'll actually see the request
  • 00:08:19
    that kgbt makes with the AMA back end
  • 00:08:21
    and we'll definitely have a look into it
  • 00:08:22
    as well okay so as I mentioned
  • 00:08:24
    previously right the main purpose of K
  • 00:08:27
    GPT is it uses the power of AI to scan
  • 00:08:31
    our kubernetes cluster and it helps us
  • 00:08:33
    to troubleshoot and debug any errors
  • 00:08:35
    right so before we move on to testing it
  • 00:08:38
    let us create one error explicitly so I
  • 00:08:40
    have this example pod manifest here
  • 00:08:42
    which is named by the name hungry pod
  • 00:08:44
    and you'll definitely understand in a
  • 00:08:46
    bit why we have named this the hungry
  • 00:08:48
    pod right so this is a simple pod that
  • 00:08:50
    will use the busy box container image
  • 00:08:52
    and we have given the CPU value as th000
  • 00:08:55
    this is a pretty simple pod now if you
  • 00:08:56
    look at this right now it doesn't look
  • 00:08:58
    like it will create an error error right
  • 00:09:00
    but let us apply this into our cluster
  • 00:09:02
    and see what happens so we'll do Cube
  • 00:09:04
    CTL I can just do simple K apply minus F
  • 00:09:09
    and we do broken pod. right so the
  • 00:09:12
    hungry pod has been created and it's in
  • 00:09:14
    the default name space so if I do K get
  • 00:09:17
    po by the way K is short of Cub CTL I
  • 00:09:19
    have created an LS for this it actually
  • 00:09:22
    becomes a little bit simple when you
  • 00:09:23
    just use K right so you can see that the
  • 00:09:26
    hungry pod is created but it's in the
  • 00:09:28
    pending state now if you're familiar
  • 00:09:30
    with the basic concept of Cubes right if
  • 00:09:32
    you know your way around a cubes cluster
  • 00:09:35
    your default approach would be okay the
  • 00:09:37
    Pod is in the pending State we can use
  • 00:09:39
    the cube CTL describe command and we can
  • 00:09:42
    use hungry pod right and we can just
  • 00:09:44
    check the P events and see what's the
  • 00:09:47
    problem but let's switch this game right
  • 00:09:49
    and see how far we can go with AI so
  • 00:09:52
    instead of using the cube C command we
  • 00:09:54
    use kzpt
  • 00:09:56
    analyze right and let us see what what
  • 00:09:59
    it gives us so kgpt analyze is a command
  • 00:10:02
    that will list down all the errors in
  • 00:10:04
    your communities cluster right now we're
  • 00:10:06
    actually not concerned with these
  • 00:10:07
    default resources because these were
  • 00:10:09
    created by mini Cube we are concerned
  • 00:10:10
    with our pod right in the default name
  • 00:10:12
    space which is the hungry pod so the
  • 00:10:14
    error is that zero of one nodes are
  • 00:10:18
    available insufficient CPU okay so
  • 00:10:21
    seeing this I can understand that there
  • 00:10:23
    are no nodes available with the
  • 00:10:25
    sufficient CPU to accommodate or to
  • 00:10:27
    schedule that particular pod okay cool I
  • 00:10:29
    understand the error but konal I mean
  • 00:10:32
    this is something that we can also do
  • 00:10:33
    with Cube CDL describe right if we do
  • 00:10:36
    Cube CTL
  • 00:10:37
    describe Po and we do hungry pod you can
  • 00:10:41
    see that the events also gives the same
  • 00:10:44
    error right so what's the difference
  • 00:10:46
    here's when things get interesting let
  • 00:10:48
    us use GPD analyze again now that we
  • 00:10:51
    know the error right we can use the
  • 00:10:53
    explain flag to list down the solution
  • 00:10:56
    for that particular error let me show
  • 00:10:57
    you how we just write k GPT
  • 00:11:01
    analyze
  • 00:11:02
    explain and minus B is the flag that we
  • 00:11:06
    use to specify the back end so right now
  • 00:11:09
    we are using AMA right and we just do
  • 00:11:13
    that so now is when it will contact the
  • 00:11:17
    backend API right and you can see here
  • 00:11:20
    that something is happening in the AMA
  • 00:11:22
    server because kgbt is actually trying
  • 00:11:24
    to contact the API and you can see that
  • 00:11:26
    multiple post requests have been sent to
  • 00:11:29
    this particular address it is Local Host
  • 00:11:31
    API generate and this is what kgpt is
  • 00:11:33
    doing in the back end right let us see
  • 00:11:35
    the results now now it has actually
  • 00:11:36
    given us us a bunch of things which are
  • 00:11:38
    helpful the number one is it has
  • 00:11:40
    simplified the error message so it says
  • 00:11:42
    insufficient CPU resources available to
  • 00:11:44
    schedule the pods with one node having
  • 00:11:46
    insufficient CPU and no preemption
  • 00:11:48
    victims found basically the error that
  • 00:11:50
    we got but it has simplified it and
  • 00:11:52
    basically presented it in plain English
  • 00:11:55
    right and it's much easier to understand
  • 00:11:56
    now and the interesting part is it has
  • 00:11:58
    given us all the possible solutions that
  • 00:12:00
    we can use to fix this particular error
  • 00:12:02
    right so the number one is you can check
  • 00:12:04
    the CPU utilization of that particular
  • 00:12:06
    node you can scale down or delete the
  • 00:12:08
    less critical parts to free up the
  • 00:12:10
    resources and there are a bunch of
  • 00:12:11
    things that you can try out now this is
  • 00:12:12
    pretty interesting n because let us say
  • 00:12:14
    you are a beginner right and you don't
  • 00:12:16
    know your way around cuberes cluster
  • 00:12:18
    that much this is pretty helpful for you
  • 00:12:20
    because this just give you a head start
  • 00:12:22
    right and you can see what are the
  • 00:12:24
    different solutions that I can use to
  • 00:12:25
    solve this particular error and this
  • 00:12:27
    also helps in your learnings as well
  • 00:12:28
    right so before solving it right let us
  • 00:12:30
    see what is the CPU capacity of a node
  • 00:12:33
    right which caus the error in the first
  • 00:12:35
    place so if you do cubc it will get
  • 00:12:36
    nodes if I do Cube CTL describe nodes
  • 00:12:40
    mini
  • 00:12:42
    Cube so in this particular section if
  • 00:12:46
    you scroll up a bit we'll see a section
  • 00:12:48
    named which is capacity right here and
  • 00:12:51
    you can see the CPU limit is 11 course
  • 00:12:54
    right and if you remember our pod we
  • 00:12:56
    have given it 1,000 core CPU right so
  • 00:12:59
    that's what was causing the error in the
  • 00:13:01
    first place right and now if you look at
  • 00:13:04
    the solutions see the fifth one adjust
  • 00:13:06
    the PS resources request and limits to
  • 00:13:08
    better match available node resources so
  • 00:13:10
    the available node resources is 11 CPU
  • 00:13:13
    there's a cap there right so let us say
  • 00:13:16
    we change this to five so that our node
  • 00:13:18
    can accommodate this particular pod so
  • 00:13:20
    in order to apply these changes we'd
  • 00:13:22
    have to delete our pod first right so I
  • 00:13:24
    can do K so let us do K get pods
  • 00:13:29
    then we'll do Cube Cil
  • 00:13:32
    delete pause we'll do hungry pod and
  • 00:13:36
    we'll also use the force flag this is
  • 00:13:37
    optional by the way so now the Pod has
  • 00:13:39
    been deleted let's reapply the Pod now
  • 00:13:42
    the we Cube SE minus F broken pod the
  • 00:13:45
    Pod has been applied and if we do Cube
  • 00:13:48
    CTL get pods it's in the container
  • 00:13:51
    creating State we do again yep the Pod
  • 00:13:54
    is running successfully so we have fixed
  • 00:13:55
    that particular error now if we do KPD
  • 00:13:58
    analyze right without the explained flag
  • 00:14:00
    if you remember KPD analyze gives you
  • 00:14:02
    all the errors in your particular
  • 00:14:04
    cluster and now if you have fixed that
  • 00:14:05
    particular error it shouldn't give us
  • 00:14:08
    again so if we do analyze right now see
  • 00:14:11
    there are only four errors and the error
  • 00:14:12
    it was showing with our pod has gone
  • 00:14:14
    from here okay so I hope you understood
  • 00:14:16
    a very basic example of how this works
  • 00:14:18
    let us try one more example which will
  • 00:14:20
    give you a lot more clarity right so let
  • 00:14:22
    us create two more resources number one
  • 00:14:24
    is we are creating a service right which
  • 00:14:26
    by the name pod SVC and I am also
  • 00:14:29
    creating a pod which is the engine X pod
  • 00:14:31
    and we are attaching the Pod with the
  • 00:14:33
    service using these labels right so let
  • 00:14:36
    us apply
  • 00:14:37
    them we'll use Cube CTL apply minus F
  • 00:14:42
    and what was the name it was pod
  • 00:14:46
    SVC yep let us apply them so you can see
  • 00:14:50
    the service has been created and the Pod
  • 00:14:52
    has also been created so if we do Cube
  • 00:14:54
    CTL get service so I can see the service
  • 00:14:58
    is right here and if we do Cube CTL get
  • 00:15:01
    pods the engine X pod is currently
  • 00:15:04
    creating the
  • 00:15:05
    container okay so the Pod is already
  • 00:15:07
    created but interestingly you'll notice
  • 00:15:09
    that there are no errors right I mean
  • 00:15:11
    just having a look at it you cannot see
  • 00:15:13
    any errors everything is running
  • 00:15:14
    perfectly but we all agree that looks
  • 00:15:17
    can be a little bit deceiving right so
  • 00:15:19
    let us use K GPT analyze to see if we
  • 00:15:22
    have any hidden errors that might have
  • 00:15:25
    occurred so let us see
  • 00:15:29
    okay so if we just scroll down to the
  • 00:15:31
    list you can see that there is an error
  • 00:15:34
    with the service so it says that service
  • 00:15:36
    has no endpoint expected label app
  • 00:15:38
    enginex so there is some kind of error
  • 00:15:40
    with the service and it has to do
  • 00:15:42
    something with the labels right I'm not
  • 00:15:44
    going to check how you can solve it
  • 00:15:46
    because that's where kgpt would come
  • 00:15:48
    into the picture we can use kgpt again
  • 00:15:51
    we'll use the same command kgpt explain
  • 00:15:54
    minus
  • 00:15:55
    Bama so it has given us a bunch of
  • 00:15:58
    solutions let us scroll up okay so it
  • 00:16:01
    says the service has no endpoints
  • 00:16:03
    expected label app enginex let us see
  • 00:16:05
    what are the solutions it's saying check
  • 00:16:07
    if the service is created successfully
  • 00:16:09
    it is to my knowledge we have just
  • 00:16:11
    checked it right now verify that the
  • 00:16:13
    pods are running and have the correct
  • 00:16:15
    label app enginex okay ensure that the
  • 00:16:18
    service is referencing the correct port
  • 00:16:20
    in the spec try deleting and recreating
  • 00:16:22
    the service uh and updating the pods
  • 00:16:25
    labels to match the expected label uh
  • 00:16:28
    okay cool so let us see the second one
  • 00:16:31
    right it's saying verify the pods are
  • 00:16:32
    running and have the correct labels app
  • 00:16:34
    Eng Genex okay so let us check what are
  • 00:16:37
    the labels being used in the service
  • 00:16:40
    right I'll do service o wide and here
  • 00:16:43
    you can see that the label is appix
  • 00:16:46
    right and what is something we are using
  • 00:16:49
    with the Pod okay here we are using
  • 00:16:51
    Enix and here you can see there is a
  • 00:16:54
    spelling mistake it's saying en genix
  • 00:16:57
    without the I right let us say you
  • 00:16:59
    copied any manifest blindly from the
  • 00:17:01
    internet and it got applied and there
  • 00:17:02
    are no errors to be seen But at the end
  • 00:17:04
    of the day the service won't work right
  • 00:17:06
    because the labels are incorrect and
  • 00:17:08
    this was something that you you couldn't
  • 00:17:10
    see with your eyes right because
  • 00:17:11
    everything was working fine but K GPT
  • 00:17:13
    was able to recognize this error cool so
  • 00:17:16
    now we know what the error is we can
  • 00:17:17
    quickly fix it we can do Cube CTL label
  • 00:17:22
    pod and it has already given us the
  • 00:17:24
    command so it's engine export we'll
  • 00:17:26
    change the label app to match it with
  • 00:17:30
    the service and we'll also use the
  • 00:17:31
    override flag which will override the
  • 00:17:33
    existing
  • 00:17:34
    labels so the Pod has been correctly
  • 00:17:36
    labeled we can just verify it we can do
  • 00:17:40
    Cube CTL describe pods engine
  • 00:17:45
    XP right and if we just scroll up and
  • 00:17:48
    verify the label from here it is app
  • 00:17:51
    enginex and I think this was the one
  • 00:17:53
    that the service was also using right
  • 00:17:56
    app enginex cool so now the labels have
  • 00:17:59
    been matched right now if we run KPD
  • 00:18:03
    analyze it shouldn't give us any error
  • 00:18:05
    with our service or either our pod see
  • 00:18:09
    the error is gone so this is how you can
  • 00:18:10
    use kgpt CLI right this is a very basic
  • 00:18:13
    use case of using the CLI right you can
  • 00:18:16
    quickly check for errors you can quickly
  • 00:18:18
    debug these errors and troubleshoot them
  • 00:18:20
    now the examples I showed you are pretty
  • 00:18:22
    simple you would say if you have prior
  • 00:18:24
    knowledge of cuberes but imagine any
  • 00:18:26
    complex example so I think kgp
  • 00:18:29
    in that particular case would be a very
  • 00:18:31
    handy tool to First locate that
  • 00:18:32
    particular error and then give you
  • 00:18:34
    potential solutions that you can use to
  • 00:18:35
    solve it as well right now before we
  • 00:18:37
    move on one thing I would definitely
  • 00:18:39
    want to point out is that when we use
  • 00:18:41
    KPD analyze with the explained flag the
  • 00:18:44
    accuracy of the solutions it provides us
  • 00:18:47
    right it depends on the AI model that
  • 00:18:49
    you're using it depends on the llm that
  • 00:18:51
    you're using so if you are using any
  • 00:18:53
    advanced model with K GPD for example
  • 00:18:56
    open AI because it has got GPD 4 the
  • 00:18:58
    most advanced model out there right
  • 00:19:01
    these results would be more accurate so
  • 00:19:03
    all in all the bottom line is that the
  • 00:19:05
    more accurate large language models you
  • 00:19:07
    will use the more accurate you'll get
  • 00:19:09
    the results right of your particular
  • 00:19:11
    issues this is something that I wanted
  • 00:19:12
    to mention here but right now we are
  • 00:19:14
    testing it locally and AMA is working
  • 00:19:16
    perfectly for us to be honest but yeah
  • 00:19:17
    this is the reason that open is the
  • 00:19:19
    first back end that kgpt supported and
  • 00:19:22
    it's the recommended way for you to use
  • 00:19:24
    kcpt so one thing you might have noticed
  • 00:19:26
    when we use the kcpt analyze command is
  • 00:19:28
    it scans the entire cluster and it was
  • 00:19:30
    actually giving us all of the errors
  • 00:19:32
    present right so if we do kgpt
  • 00:19:36
    analyze so you can see that it is giving
  • 00:19:39
    us all the errors with all the different
  • 00:19:42
    components that we have now because this
  • 00:19:44
    is a demo scenario and we are just
  • 00:19:46
    learning how to use this particular tool
  • 00:19:48
    that's completely fine but imagine if
  • 00:19:50
    you have thousands of cuity spots
  • 00:19:52
    running right and in that you would
  • 00:19:54
    definitely need to focus and filter out
  • 00:19:57
    particular resources for example you
  • 00:19:59
    just want to filter out all the pods and
  • 00:20:01
    just run the scan on those particular
  • 00:20:03
    pods or you might have some services or
  • 00:20:05
    you might have deployments and you just
  • 00:20:07
    want to run scans on those particular
  • 00:20:09
    deployments right let's say you just
  • 00:20:11
    want to focus on a particular name space
  • 00:20:13
    for example right now this particular
  • 00:20:14
    scan is not namespace scoped right it is
  • 00:20:18
    giving me all the results from the cube
  • 00:20:20
    system names space it also gave us
  • 00:20:22
    result from the default namespace when
  • 00:20:23
    we ran it previously so we want to
  • 00:20:25
    filter out resources and we want to
  • 00:20:27
    filter out namespace as well right
  • 00:20:29
    interestingly kgpt supports this so it
  • 00:20:31
    provides us with filters so filters are
  • 00:20:34
    actually a way for selecting which
  • 00:20:36
    resource you wish to be a part of the
  • 00:20:37
    default analysis right so if we just do
  • 00:20:41
    kgpt filters so the filters command
  • 00:20:44
    allows you to manage filters that are
  • 00:20:46
    used to analyze kubernetes resources you
  • 00:20:48
    can list the available filters to
  • 00:20:50
    analyze resources right so again this is
  • 00:20:52
    a way for you to filter out different
  • 00:20:54
    communties resources which you want to
  • 00:20:57
    be a part of the scan and you can you
  • 00:20:58
    can just keep the results clean and only
  • 00:21:00
    focus on what is needed at that
  • 00:21:02
    particular time right so if you do kzpt
  • 00:21:06
    filters list so this basically gives you
  • 00:21:09
    a list of all the available filters that
  • 00:21:11
    you can use right so we have deployment
  • 00:21:13
    pod service these basically include all
  • 00:21:16
    the main cuberes resources right and we
  • 00:21:18
    can use this resource names as a filter
  • 00:21:20
    with the default scan right let me show
  • 00:21:22
    you how we can do it okay so to test it
  • 00:21:24
    out I'll quickly create a bunch of
  • 00:21:25
    Errors so I'll quickly apply some
  • 00:21:28
    malicious pods here one is broken pod
  • 00:21:31
    which is hungry pod that's a pretty
  • 00:21:33
    funny name you would definitely agree
  • 00:21:35
    with me I hope and then we'll also apply
  • 00:21:38
    the service and the Pod as well so now
  • 00:21:40
    if we do Cube CTL get pods you can see
  • 00:21:43
    that we have the hungry pod which is
  • 00:21:44
    again in the pending State because I
  • 00:21:46
    already changed the CPU limit to th000
  • 00:21:49
    again because we want K GPD to detect
  • 00:21:51
    the error right and then we have the
  • 00:21:52
    engine export which is already running
  • 00:21:55
    and we'll also have the service which is
  • 00:21:59
    already running right so again if you
  • 00:22:01
    remember the label is not correct right
  • 00:22:03
    in the Pod it is engine X and in the
  • 00:22:05
    service it is enginex without the I
  • 00:22:10
    right so kgpt will actually cast this
  • 00:22:13
    particular error right now if we do kgpt
  • 00:22:20
    analyze so you can see that it has
  • 00:22:22
    caught the error in the service and also
  • 00:22:25
    the Pod but let us say we want to filter
  • 00:22:28
    out only the pods right so what we can
  • 00:22:32
    do is we can first see the list of
  • 00:22:34
    filters which are
  • 00:22:36
    available right so let's filter out all
  • 00:22:38
    the pods and that's what we want kgpt to
  • 00:22:41
    analyze right so we'll do
  • 00:22:45
    kgpt
  • 00:22:47
    analyze
  • 00:22:48
    oops
  • 00:22:50
    do
  • 00:22:51
    analyze and then we'll use the filter
  • 00:22:54
    flag and then we'll write the name of
  • 00:22:56
    that particular filter cool so you you
  • 00:22:58
    can see that it has filtered out all the
  • 00:23:00
    different errors that we were getting in
  • 00:23:01
    our cluster right and now we are only
  • 00:23:03
    just focused with our particular pod
  • 00:23:05
    right now if we want to provide again
  • 00:23:07
    any solution we can just write the
  • 00:23:09
    explain flag and we'll just use minus
  • 00:23:11
    Bama and we only give us the solution
  • 00:23:13
    for all the pods let us say you want to
  • 00:23:16
    change the filter to service we can do
  • 00:23:18
    that we can just type service
  • 00:23:21
    here and it will filter out all the
  • 00:23:23
    services that you have running in your
  • 00:23:25
    cluster I only have one so that's why
  • 00:23:27
    it's giving me one but let say you have
  • 00:23:29
    multiple Services running so it will
  • 00:23:31
    scan all these services and only output
  • 00:23:33
    the names of the service which may have
  • 00:23:35
    some error in them and that's what it's
  • 00:23:36
    doing right now so the filters makes it
  • 00:23:38
    pretty interesting right now there is
  • 00:23:40
    one more interesting flag that I would
  • 00:23:42
    definitely want to mention is the
  • 00:23:43
    namespace flag which you can use to
  • 00:23:45
    restrict your scan to a particular
  • 00:23:46
    namespace let us say you have a
  • 00:23:48
    malicious SP running in different
  • 00:23:50
    namespace right because by default kgpt
  • 00:23:52
    would analyze the default namespace
  • 00:23:54
    right so let us say we create a new
  • 00:23:56
    namespace create create
  • 00:23:59
    name space and we
  • 00:24:02
    write demo we can you know check as well
  • 00:24:07
    so the demo name space has been created
  • 00:24:10
    right now we can create the pod in the
  • 00:24:13
    demo name space and we write minus end
  • 00:24:16
    demo so if we do K get po minus n demo
  • 00:24:20
    so you can see the Pod has been created
  • 00:24:21
    in the demo name space and this is again
  • 00:24:23
    the hungry pod right it has got some
  • 00:24:25
    error so if we just use the kgpt analyze
  • 00:24:28
    command with the filter right with the
  • 00:24:32
    pod filter so this will list down the
  • 00:24:34
    pod which is running in the default Nam
  • 00:24:35
    space and the one which is also running
  • 00:24:37
    in the demo name space but I only want
  • 00:24:39
    to restrict it to the demo name space
  • 00:24:41
    right so what I can do is I can type the
  • 00:24:45
    namespace flag and I can only just give
  • 00:24:48
    it the name of the
  • 00:24:50
    namespace so it has filtered out and
  • 00:24:52
    given me only the pod which is running
  • 00:24:55
    in the demo name space right let us say
  • 00:24:57
    we try to filter out service right so we
  • 00:25:00
    don't have any service which is running
  • 00:25:01
    in the demo name space so it will give
  • 00:25:03
    us no problems detected because number
  • 00:25:06
    one we don't have any service which is
  • 00:25:07
    running in the demo name space and
  • 00:25:09
    number two even if there was any service
  • 00:25:11
    which was running if the service does
  • 00:25:13
    not have any errors it will not show the
  • 00:25:15
    errors here so if kzpt is not able to
  • 00:25:17
    find any errors in your cluster it will
  • 00:25:19
    give you this particular results no
  • 00:25:21
    problem detected that means your cluster
  • 00:25:23
    is fully secure and there are no errors
  • 00:25:25
    for you to solve cool something you can
  • 00:25:26
    also try is you can use multiple filters
  • 00:25:29
    so let us say if I quickly see the
  • 00:25:31
    filters list so let us say I want to use
  • 00:25:33
    the Pod service and I also want to use
  • 00:25:35
    the node filter right in one single
  • 00:25:36
    command so you don't have to write it
  • 00:25:38
    separately you can just separate them by
  • 00:25:40
    a comma and you can just write filter
  • 00:25:42
    and you can also write node so it will
  • 00:25:45
    only give you the pods service or the
  • 00:25:47
    namespace which has some error right now
  • 00:25:49
    we can see that the node doesn't have
  • 00:25:51
    any errors so kgpt won't show us but we
  • 00:25:54
    can see that we have errors in pod and
  • 00:25:56
    service and that's what kgpt has given
  • 00:25:58
    us right and we can also make it
  • 00:26:01
    namespace scoped so we can just write
  • 00:26:02
    default namespace it will not give us
  • 00:26:04
    the pod which is in the demo namespace
  • 00:26:06
    right now there are a bunch of other
  • 00:26:07
    interesting flags that you can try out
  • 00:26:09
    with the analyze command the namespace
  • 00:26:11
    flag we already looked into there is
  • 00:26:12
    another flag which is the output you can
  • 00:26:14
    change the format of the output you want
  • 00:26:16
    right if we can just do
  • 00:26:18
    kgpt analyze D-
  • 00:26:21
    explain and we use AMA and R we'll write
  • 00:26:25
    output Json so it will give us the
  • 00:26:28
    result in a Json format like this right
  • 00:26:31
    so this particular output is pretty
  • 00:26:32
    useful if you're looking to integrate
  • 00:26:34
    kgpt with any other tool or if you're
  • 00:26:36
    looking to automate any task by
  • 00:26:38
    integrating kgpt right so Json format is
  • 00:26:41
    something which is followed and passed
  • 00:26:44
    in a lot of different tools out there
  • 00:26:45
    right so this particular output format
  • 00:26:47
    can definitely help you in that case
  • 00:26:49
    another one that I would definitely want
  • 00:26:51
    to mention is anonymize now as I
  • 00:26:54
    mentioned previously when we are using
  • 00:26:56
    kgpt the user will send the command to
  • 00:26:59
    the kgpt CLI and the kgpt CLI will send
  • 00:27:02
    all the information of that particular
  • 00:27:03
    command and your system to the AI
  • 00:27:05
    provider and that's how AI provider will
  • 00:27:07
    then process it return it back to the
  • 00:27:09
    CLI and then we'll get the result and it
  • 00:27:11
    will return back to the user now let us
  • 00:27:13
    say you are concerned with the security
  • 00:27:15
    of your system right you may not want to
  • 00:27:17
    send potentially sensitive data to open
  • 00:27:19
    AI or any other AI back end right I mean
  • 00:27:22
    you don't want to send that you don't
  • 00:27:23
    want to do it so there is a flag which
  • 00:27:26
    you can use which is called as anonymous
  • 00:27:28
    so we can just use this flag with the
  • 00:27:30
    analyze command and I'll also put the
  • 00:27:33
    Json output so I can explain it in a
  • 00:27:35
    better way to you now what actually
  • 00:27:36
    happens in the back end when you use the
  • 00:27:38
    anonymized flag now when we send request
  • 00:27:40
    to kgpt it will retrieve all the
  • 00:27:42
    information right and additionally it
  • 00:27:44
    will mask out or hide all the sensitive
  • 00:27:47
    information that could be names of cuber
  • 00:27:49
    resources labels or that could be cuity
  • 00:27:52
    secret as well right so kgpt will mask
  • 00:27:54
    all this information before sending it
  • 00:27:56
    to the AI backend now the AI backend
  • 00:27:58
    will normally process this information
  • 00:28:00
    it will return it to the kgbt CLI it
  • 00:28:03
    will again unmask all the hidden values
  • 00:28:05
    and it will replace it with the original
  • 00:28:07
    name of the community's resources and
  • 00:28:08
    that's what the user sees in front of us
  • 00:28:10
    so at the back end kgpt is actually
  • 00:28:13
    hiding all this kind of sensitive data
  • 00:28:15
    right before sending it to the AI and
  • 00:28:17
    you don't have to worry about any
  • 00:28:18
    sensitive data getting compromised in
  • 00:28:20
    your cluster right so if you just see
  • 00:28:22
    the output here with the anonymized
  • 00:28:25
    flag here you can see that because we
  • 00:28:27
    had had some kind of labels with our
  • 00:28:29
    service right so it has created a
  • 00:28:32
    separate section which is called as
  • 00:28:33
    sensitive and this is the unmasked
  • 00:28:35
    version and this is the mask version so
  • 00:28:38
    the mask version of this particular
  • 00:28:39
    label or the hidden version is what kgpt
  • 00:28:42
    is sending to the AI provider right you
  • 00:28:44
    can scroll down and see more such
  • 00:28:46
    examples right so we have the cube API
  • 00:28:48
    server as well this is also masked so
  • 00:28:51
    this is the value that is being sent to
  • 00:28:53
    the AI back end by K CPT and for example
  • 00:28:55
    if we just use the anonymized filter and
  • 00:28:57
    we don't use the output flag you can see
  • 00:29:00
    that we are able to see all the original
  • 00:29:01
    names right and that's what kzp actually
  • 00:29:03
    does in between it replaces all the mass
  • 00:29:06
    value with the actual names of the
  • 00:29:07
    communties resources cool so I think we
  • 00:29:10
    have covered a lot of important flags
  • 00:29:12
    and some additional functionalities you
  • 00:29:14
    can use with the analyze command if you
  • 00:29:15
    want to check out more you can just type
  • 00:29:17
    kgbt analyze help you can check out more
  • 00:29:20
    interesting options that you can use you
  • 00:29:21
    can also change the language of the
  • 00:29:23
    output right so kgbt supports a bunch of
  • 00:29:25
    language as well this is pretty
  • 00:29:26
    interesting but I hope that by now you
  • 00:29:28
    would definitely have a lot of clarity
  • 00:29:30
    on how kgpt actually is working right
  • 00:29:33
    and what are the different flags and
  • 00:29:34
    what are the different what are the
  • 00:29:36
    different options you can use with the
  • 00:29:37
    analyze command and how you can
  • 00:29:39
    customize your scan to fit your
  • 00:29:40
    particular use case okay so let us talk
  • 00:29:43
    about Integrations right and how you can
  • 00:29:45
    integrate kgbt with other tools in the
  • 00:29:48
    ecosystem and I think when we are
  • 00:29:50
    talking about the cloud native ecosystem
  • 00:29:51
    right the main value lies in how well a
  • 00:29:55
    particular tool can integrate with the
  • 00:29:57
    other tools that are involved in the
  • 00:29:58
    cncm landscape and kgpt actually
  • 00:30:00
    provides us a very simple way to
  • 00:30:02
    integrate with a bunch of tools so let
  • 00:30:04
    us take a look how we can work with
  • 00:30:06
    Integrations in K CPT so for that we
  • 00:30:08
    have a pretty simple command called as K
  • 00:30:10
    CPT Integrations and here are a bunch of
  • 00:30:13
    options that we can use we can activate
  • 00:30:15
    deactivate and list the built-in
  • 00:30:16
    Integrations so let us first list the
  • 00:30:19
    available Integrations right now so we
  • 00:30:22
    can do kgpt integration list and these
  • 00:30:24
    are all the available Integrations at
  • 00:30:27
    the time of recording this particular
  • 00:30:28
    video and in kcpt version 0.3.3 n right
  • 00:30:34
    so we have trivy Prometheus AWS kada and
  • 00:30:38
    we have KERO which is the very latest
  • 00:30:40
    one so how you can install these
  • 00:30:42
    Integrations and how you can use them
  • 00:30:45
    you can find it in this particular
  • 00:30:47
    documentation right here link is in the
  • 00:30:49
    description but in this particular video
  • 00:30:50
    we are going to see how we can use the
  • 00:30:52
    trivy plus the key one integration as
  • 00:30:54
    well okay so let us start with trivy
  • 00:30:56
    trivy is basically a vulnerability
  • 00:30:58
    scanning open source tool by Echo
  • 00:31:00
    security and it helps us find any
  • 00:31:02
    vulnerabilities misconfigurations as
  • 00:31:05
    bombs in containers and all that stuff
  • 00:31:07
    right so it can basically scan container
  • 00:31:08
    images file system git repositories
  • 00:31:11
    virtual machine images communities any
  • 00:31:13
    resources on AWS and all that stuff and
  • 00:31:16
    it will list down all the potential
  • 00:31:18
    vulnerabilities of that particular
  • 00:31:19
    resource right it's a pretty interesting
  • 00:31:21
    tool and if this is your first time make
  • 00:31:23
    sure to check it out I'll leave the link
  • 00:31:24
    in the description box so in order to
  • 00:31:26
    use trivy we just need to activate
  • 00:31:27
    activate that integration so we can just
  • 00:31:29
    use kgbt integration activate trivy and
  • 00:31:33
    what this will do is it will install the
  • 00:31:34
    trivy operator itself onto our
  • 00:31:36
    kubernetes cluster so as you can see
  • 00:31:38
    most of the resources for me were
  • 00:31:40
    already present so it has skipped
  • 00:31:41
    everything but essentially at the end it
  • 00:31:44
    says that the trivy operator kgpt is
  • 00:31:46
    installed we can also actually check
  • 00:31:48
    this using Helm so if we do Helm list
  • 00:31:51
    you can see that the trivy operator K
  • 00:31:53
    GPT is deployed right now cool now if
  • 00:31:56
    you remember in the previous section we
  • 00:31:58
    discussed about filters right and
  • 00:32:00
    filters are a way for you to customize
  • 00:32:02
    your scan based on certain resources now
  • 00:32:04
    any particular integration you add with
  • 00:32:06
    kgpt right it will add more resources to
  • 00:32:09
    the list of filters which we can use
  • 00:32:11
    with the basic Command right now if you
  • 00:32:14
    just confirm whether the integration has
  • 00:32:15
    been added or not we can just write kgpt
  • 00:32:18
    integration list and you can see that
  • 00:32:20
    the trivy integration is active right
  • 00:32:21
    now cool now if you just write kgpt
  • 00:32:25
    filters list you can see that two more
  • 00:32:28
    resources have been added here number
  • 00:32:30
    one is config audit report and the
  • 00:32:32
    number two is vulnerability report these
  • 00:32:35
    were the part of the trivy integration
  • 00:32:37
    right and now we can use these
  • 00:32:39
    particular resources as a filter with
  • 00:32:41
    the kgpt analyze command cool so let me
  • 00:32:44
    show you how it works let's see if we
  • 00:32:46
    have already a bunch of resources
  • 00:32:48
    running yep we already do okay first
  • 00:32:50
    let's copy the name from the filters
  • 00:32:54
    list let's say we want to use the
  • 00:32:56
    vulnerability report filter cool so we
  • 00:32:59
    can write
  • 00:33:00
    kgpt
  • 00:33:04
    analyze and we can just write filter
  • 00:33:08
    we'll paste the name of the
  • 00:33:10
    vulnerability report
  • 00:33:11
    filter and we'll use it so now if you
  • 00:33:14
    see we used kgpt analyze which gives us
  • 00:33:18
    all the errors in our particular cluster
  • 00:33:20
    right but we used the filter as
  • 00:33:22
    vulnerability report this is pretty
  • 00:33:24
    interesting right because at first we
  • 00:33:26
    are able to use kgpt to analyze all of
  • 00:33:28
    our errors in the cluster and then we
  • 00:33:30
    use trivy to get the vulnerability
  • 00:33:32
    report of all the errors right now if
  • 00:33:34
    you have used trivy before you would
  • 00:33:36
    know that it categorizes all the
  • 00:33:38
    vulnerabilities into three categories
  • 00:33:40
    which is normal medium and critical so
  • 00:33:42
    by default kgbt will only display the
  • 00:33:44
    critical vulnerabilities found and
  • 00:33:46
    another thing which is interesting is
  • 00:33:47
    you can head over to one of these links
  • 00:33:49
    and you can learn more about this
  • 00:33:52
    particular vulnerability as well so I
  • 00:33:54
    think this is pretty cool right and
  • 00:33:56
    again we can use the explain flag so
  • 00:33:58
    we'll just wait for a couple of seconds
  • 00:34:00
    to do its thing okay this definitely
  • 00:34:02
    took some time but now it has provided
  • 00:34:04
    us with a lot more information about
  • 00:34:07
    that particular vulnerability as well so
  • 00:34:09
    you can see it has given us the
  • 00:34:10
    information about the vulnerability what
  • 00:34:12
    exactly it is all about what's the root
  • 00:34:15
    cause what are the potential risk and
  • 00:34:17
    what are the potential Solutions we can
  • 00:34:19
    use to mitigate this vulnerability right
  • 00:34:22
    so this is pretty cool and similarly you
  • 00:34:24
    can also use the config audit report
  • 00:34:27
    with your k GPT analyze command and
  • 00:34:29
    that's how you can filter out the
  • 00:34:30
    resources accordingly so that's pretty
  • 00:34:31
    interesting okay so let us see how keyo
  • 00:34:34
    integration also looks like right
  • 00:34:36
    because that is the latest integration
  • 00:34:38
    which came with the 0.3.3 N version you
  • 00:34:41
    can also find the pull request here as
  • 00:34:42
    well and you can check out how it was
  • 00:34:44
    made because this is the very initial
  • 00:34:46
    stages for this particular integration
  • 00:34:48
    now if you remember that when we use the
  • 00:34:50
    triv integration it automatically
  • 00:34:52
    installed the trivy cuties operator onto
  • 00:34:54
    our cluster right but for some Advanced
  • 00:34:56
    Integrations for example Prometheus you
  • 00:34:58
    would need to have the Prometheus
  • 00:35:00
    operator previously configured and
  • 00:35:02
    installed on your cluster right before
  • 00:35:03
    you can activate the integration and use
  • 00:35:05
    it with K CBT so that is the same case
  • 00:35:08
    with keyno so before we use the keyno
  • 00:35:10
    integration we would need to install the
  • 00:35:12
    keyno operator in our cluster and we
  • 00:35:14
    would need to set that up before we can
  • 00:35:15
    use it with K CPT cool by the way if
  • 00:35:18
    you're not familiar with kyero it is a
  • 00:35:20
    policy engine that you can use with
  • 00:35:22
    kubernetes to validate your resources
  • 00:35:24
    right I'll leave the link in the
  • 00:35:25
    description box if this is your first
  • 00:35:27
    time heing about it you can check out
  • 00:35:29
    the documentation as well but let us
  • 00:35:32
    install the key word no operator first
  • 00:35:34
    onto our cluster so for that we have
  • 00:35:36
    these three commands that we'll run
  • 00:35:39
    number one is We'll add the helm repo of
  • 00:35:41
    key wordo then we'll do a repo update
  • 00:35:43
    and then we'll install the keyo operator
  • 00:35:46
    in the keyo namespace we are also
  • 00:35:47
    creating a new
  • 00:35:49
    namespace so it will do a bunch of
  • 00:35:51
    things I already have the key1 no chart
  • 00:35:54
    so it detected that and it has deployed
  • 00:35:56
    key1 no in our cluster so if we do Cube
  • 00:35:58
    CTL get NS so you can see a new name
  • 00:36:02
    space has been created and if we do Cube
  • 00:36:04
    CTL get
  • 00:36:07
    all minus
  • 00:36:09
    n keyware now you can see these are the
  • 00:36:13
    bunch of resources that keyo has created
  • 00:36:16
    for us right so we have a bunch of
  • 00:36:17
    deployments we have a bunch of PS which
  • 00:36:19
    are running Services which are running
  • 00:36:20
    we don't need to worry about it right
  • 00:36:22
    now you can check out in the description
  • 00:36:23
    for more resources but the essential
  • 00:36:25
    thing is that the key1 operator in
  • 00:36:27
    installed and now we can integrate it
  • 00:36:29
    with
  • 00:36:31
    kcpt so we can just do
  • 00:36:33
    kgpt Integrations list and then we can
  • 00:36:38
    add the key1 integration we do kgpt
  • 00:36:41
    integration activate key1 no you can see
  • 00:36:44
    that it has added keyo to the active
  • 00:36:46
    list right and now if we do kgpt filters
  • 00:36:50
    list you can see we have two resources
  • 00:36:52
    that we can use as filters with the
  • 00:36:54
    analyze command one is the cluster
  • 00:36:56
    policy report and one is the policy
  • 00:36:58
    report now before we move on we would
  • 00:37:00
    also need to create a validation policy
  • 00:37:02
    right against which Keo would check for
  • 00:37:04
    any errors so I've already gone ahead
  • 00:37:06
    and created one from the documentation
  • 00:37:08
    itself and this particular policy will
  • 00:37:10
    check whether a pod has the label team
  • 00:37:13
    or not if the pod doesn't have that
  • 00:37:15
    particular label CUO would not let the
  • 00:37:17
    Pod be applied to the cluster cool so
  • 00:37:20
    let us just apply this
  • 00:37:21
    policy this is by the way directly from
  • 00:37:24
    the documentation you can also create
  • 00:37:25
    your own policy if you wish to
  • 00:37:28
    so the policy has been applied and we
  • 00:37:30
    can just quickly test it so let us say
  • 00:37:32
    if we run an engine xod and we don't
  • 00:37:35
    give it the label team right so you can
  • 00:37:37
    see that we received an error from the
  • 00:37:40
    server and it says that the label team
  • 00:37:43
    is required and if we add a pod with the
  • 00:37:47
    label team and we can use app let's say
  • 00:37:50
    so the Pod will get created
  • 00:37:53
    right you can see the engin X2 pod is
  • 00:37:55
    running now so the validation policy is
  • 00:37:57
    also working right we have Keo operator
  • 00:37:59
    installed we have set up a validation
  • 00:38:01
    policy right now there are a bunch of
  • 00:38:03
    resources which are already running in a
  • 00:38:05
    cluster now we want K GPT to First scan
  • 00:38:07
    our entire cluster and only find the
  • 00:38:09
    resources which violates this particular
  • 00:38:11
    policy right so what we can do is we can
  • 00:38:15
    just write kgpt let me just find the
  • 00:38:18
    name first and then we can do kgpt
  • 00:38:21
    analyze and instead of the vulnerability
  • 00:38:25
    filter we can just use the policy report
  • 00:38:28
    filter and you can see that we have a
  • 00:38:30
    whole bunch of resources in our cluster
  • 00:38:31
    which are not following this particular
  • 00:38:34
    validation policy so this is how the
  • 00:38:36
    keyner integration is working right and
  • 00:38:38
    you can definitely use the explain flag
  • 00:38:40
    here to find the solution as well but we
  • 00:38:44
    already know the solution right we don't
  • 00:38:45
    have the team labels with these
  • 00:38:47
    particular resources but all in all this
  • 00:38:49
    is how the key one integration looks
  • 00:38:51
    right now something I would definitely
  • 00:38:53
    want to mention is that as the key1
  • 00:38:55
    integration is at a very early stage at
  • 00:38:57
    the time of recording this video you may
  • 00:38:59
    find some kind of Errors right sometimes
  • 00:39:02
    it may not work when you may add
  • 00:39:04
    additional filters to it this is at a
  • 00:39:06
    pretty initial stage and the community
  • 00:39:07
    is actively working for it so if you
  • 00:39:09
    encounter any new problem feel free to
  • 00:39:11
    open an issue to the KGB GitHub repo I
  • 00:39:14
    link it down in the description as well
  • 00:39:16
    and I think that's the benefit of it
  • 00:39:17
    being an open source project right we
  • 00:39:19
    can all help it improve cool so I think
  • 00:39:22
    we have covered a bunch of stuff let's
  • 00:39:24
    see how the kcpt operator works now cool
  • 00:39:26
    so I think we have spent an extensive
  • 00:39:28
    amount of time exploring the kgpt CLI
  • 00:39:31
    right and I think this is a great way to
  • 00:39:33
    get started and perform quick scans in
  • 00:39:35
    your cluster now what if you want to
  • 00:39:37
    continuously scan your cluster right you
  • 00:39:39
    don't want to mess with the CLI you
  • 00:39:41
    don't want all these manual processes so
  • 00:39:43
    for that we have the kgpt operator which
  • 00:39:45
    you can install in your cuties cluster
  • 00:39:47
    itself and it will continuously scan for
  • 00:39:50
    any errors and any issues in your
  • 00:39:52
    cluster and you can continuously view
  • 00:39:54
    those results and resolve the issues as
  • 00:39:56
    well so this is basically the
  • 00:39:57
    architecture of what are the different
  • 00:39:59
    components that are included in the kgbt
  • 00:40:01
    operator so you can see we have the
  • 00:40:03
    operator we have the community's custom
  • 00:40:05
    resource definition and then it creates
  • 00:40:07
    a bunch of KCBD deployment which talks
  • 00:40:09
    to the API server and that's how it
  • 00:40:12
    communicates with the communities
  • 00:40:13
    operator optionally you can also set
  • 00:40:16
    Prometheus to scrape out the Matrix of
  • 00:40:19
    the particular operator and you can
  • 00:40:20
    monitor the performance of the operator
  • 00:40:22
    itself as well so installing the
  • 00:40:24
    operator is pretty simple we are just
  • 00:40:25
    using Helm to add the repo update it and
  • 00:40:27
    then install the operator itself in a
  • 00:40:29
    new namespace I already installed it so
  • 00:40:32
    it's already running in my system I'll
  • 00:40:33
    not do this so if I just do K GPT get NS
  • 00:40:37
    you can see that a new namespace is
  • 00:40:40
    already created and if I do K GPT get
  • 00:40:44
    all I'm sorry Cube CTL get
  • 00:40:47
    all so you can see I have a
  • 00:40:51
    deployment a service and a replica set
  • 00:40:53
    already up and running and these are the
  • 00:40:55
    resources that are a part of the kgbt
  • 00:40:58
    operator
  • 00:41:00
    cool now according to the guide now the
  • 00:41:02
    next step which we would need to do is
  • 00:41:05
    deploy the API key of the back end that
  • 00:41:07
    we are using as a secret right so right
  • 00:41:09
    now I'm using AMA so we don't have a
  • 00:41:11
    secret to be deployed but according to
  • 00:41:13
    the documentation it's given that it's
  • 00:41:16
    compulsory so this is what I did if I
  • 00:41:18
    write kgpt o list you can see now the
  • 00:41:21
    active back end is open a so I replaced
  • 00:41:24
    AMA with open a right using the API key
  • 00:41:27
    you can create your account on open or
  • 00:41:29
    you can also write K GPT
  • 00:41:34
    generate which will automatically lead
  • 00:41:36
    you to that particular page where you
  • 00:41:38
    want to create your API key right so now
  • 00:41:40
    that we have our API key ready we can
  • 00:41:42
    create this particular kubernetes secret
  • 00:41:44
    and before that I'll
  • 00:41:47
    just export this environment
  • 00:41:50
    variable so we can just write
  • 00:41:53
    export you don't need to copy this
  • 00:41:55
    because this won't work after the
  • 00:41:57
    tutorial I'll be sure to delete it and
  • 00:41:59
    now let's create our secret it said fail
  • 00:42:03
    to create secret already exist oops if I
  • 00:42:06
    do K
  • 00:42:09
    get
  • 00:42:11
    Secrets okay I can do secrets in all
  • 00:42:14
    name spaces so I think it's in a
  • 00:42:15
    different name space yep here it is so
  • 00:42:18
    let us maybe delete it that's the
  • 00:42:22
    simplest possible solution I can think
  • 00:42:25
    of right now so we do loate delete
  • 00:42:28
    Secrets minus
  • 00:42:31
    n the name space is this and the secret
  • 00:42:36
    we want to delete is this and we'll use
  • 00:42:38
    the force flag you don't have to use it
  • 00:42:40
    again cool I think now the error should
  • 00:42:43
    be
  • 00:42:44
    gone so now we can create the secret
  • 00:42:47
    okay the secret has been created now we
  • 00:42:49
    can deploy the custom resource of K gbt
  • 00:42:53
    right so before we apply let us examine
  • 00:42:55
    the file first right so it's a kind
  • 00:42:57
    Cades GPT the model we are using is 3.5
  • 00:43:00
    turbo the AI provider we are using is
  • 00:43:02
    open Ai and the name of the secret which
  • 00:43:04
    we have just created the only thing we
  • 00:43:06
    need to change here is the version so
  • 00:43:09
    make sure you are on the latest version
  • 00:43:11
    you just need to replace it with the
  • 00:43:13
    latest version that you are on of G GPT
  • 00:43:16
    cool and I think everything looks good
  • 00:43:18
    now we can just apply this you'll do
  • 00:43:22
    ggpt apply
  • 00:43:24
    resource and you can see that the
  • 00:43:27
    resource kgpt sample has been created
  • 00:43:31
    okay so once you have applied that
  • 00:43:33
    particular resource right you can just
  • 00:43:35
    go ahead and do Cube seed get results uh
  • 00:43:38
    in the Json format right and right now
  • 00:43:42
    it's empty because this particular step
  • 00:43:45
    takes a little bit of time it is also
  • 00:43:47
    mentioned in the documentation as well
  • 00:43:49
    once the initial scans have been
  • 00:43:51
    completed after several minutes you will
  • 00:43:53
    be presented with the results custom
  • 00:43:55
    resources right so this is how the
  • 00:43:57
    results look like it will give you the
  • 00:44:00
    details and it will also give you the
  • 00:44:02
    error as well right now an interesting
  • 00:44:04
    way in which you can view these
  • 00:44:06
    particular results is via Prometheus as
  • 00:44:08
    well so if we go to references and we
  • 00:44:11
    head over to the options here so these
  • 00:44:14
    are a bunch of options that you can set
  • 00:44:16
    and customize how you want to use the
  • 00:44:18
    kgpt operator right for example as it's
  • 00:44:21
    mentioned in the diagram as well we can
  • 00:44:23
    use Prometheus to scrape out the in
  • 00:44:25
    cluster Matrix and then we can use
  • 00:44:27
    grafana to view those particular metrics
  • 00:44:30
    right now this is something I'm not
  • 00:44:32
    going to show in this particular video
  • 00:44:34
    because I think it has already been a
  • 00:44:35
    long one and we have covered a bunch of
  • 00:44:36
    interesting stuff but I'll not leave you
  • 00:44:38
    hanging I'll leave a link to a resource
  • 00:44:40
    that you can check out in the
  • 00:44:41
    description box if you want to know how
  • 00:44:43
    to set Prometheus and how you want to
  • 00:44:45
    enable grafana as well and that's how
  • 00:44:48
    you can use the kzpt operator to its
  • 00:44:50
    full extent cool I think we have covered
  • 00:44:52
    a lot of interesting stuff a few things
  • 00:44:54
    that I would definitely want to mention
  • 00:44:56
    before we part ways if you are new to
  • 00:44:58
    kgbt you can check out the kgpt c
  • 00:45:00
    tutorial which is with killer Koda right
  • 00:45:04
    so this is a great way for you to just
  • 00:45:07
    get started get to know how the CLI is
  • 00:45:09
    actually working just play around with
  • 00:45:10
    the commands right and see how they are
  • 00:45:12
    working right so shout out to the
  • 00:45:14
    community for creating this two
  • 00:45:15
    additional things that is something for
  • 00:45:17
    you to explore is how you can create
  • 00:45:19
    custom analyzers so if you remember that
  • 00:45:22
    when we do
  • 00:45:23
    kgpt filters list so the kubernetes
  • 00:45:27
    resources that you see in this
  • 00:45:29
    particular list are actually called as
  • 00:45:30
    analyzers right and if you head over to
  • 00:45:33
    this repo of kgbt you can find the
  • 00:45:36
    analyzer Dogo file and here you can see
  • 00:45:39
    the list of all the analyzers that are
  • 00:45:41
    built into kgbt right so one interesting
  • 00:45:44
    thing is that you can write your own
  • 00:45:45
    custom analyzer that matches your
  • 00:45:47
    specific use case so this particular
  • 00:45:49
    guide will provide a way for you to
  • 00:45:51
    write your own analyzer right it has a
  • 00:45:53
    bunch of things so you can definitely
  • 00:45:54
    check this one out another interesting
  • 00:45:57
    thing you can also check is how you can
  • 00:45:58
    integrate kgpt operator with slack this
  • 00:46:01
    is something interesting because for
  • 00:46:03
    example if your team is working on slack
  • 00:46:05
    and you'll want constant updates from
  • 00:46:06
    kgpt you can configure the operator to
  • 00:46:10
    use slack and it will send you constant
  • 00:46:12
    updates about any issues that may occur
  • 00:46:15
    right and it's pretty simple it's pretty
  • 00:46:16
    straightforward you just have to
  • 00:46:18
    uncomment this particular section and
  • 00:46:20
    you just have to add the slack web URL
  • 00:46:23
    here this is definitely something for
  • 00:46:24
    you to explore and by the way all the
  • 00:46:26
    steps are are also mentioned in the
  • 00:46:28
    documentation as well for your help
  • 00:46:29
    which you can check out and follow along
  • 00:46:31
    cool so I think we have covered a lot in
  • 00:46:33
    this particular tutorial I hope that you
  • 00:46:35
    were able to follow along and learn how
  • 00:46:37
    kzpt actually makes the entire process
  • 00:46:40
    of debugging and troubleshooting a
  • 00:46:43
    cuties cluster really easy and really
  • 00:46:45
    simple for you all I definitely believe
  • 00:46:47
    that this is just the start we are
  • 00:46:48
    already seeing a huge impact AI has been
  • 00:46:51
    making in the devops and Cloud native
  • 00:46:53
    and all of the other Tech Industries and
  • 00:46:55
    I believe that kgpt is one such tool
  • 00:46:57
    which really shows promise and it really
  • 00:46:59
    shows the impact AI can make in managing
  • 00:47:02
    a complex cuberes environment a quick
  • 00:47:04
    summary of what all we covered in this
  • 00:47:05
    particular video we covered what is kgpt
  • 00:47:08
    we then went onto the installation we
  • 00:47:10
    saw how kgpt helps you to analyze your
  • 00:47:13
    cluster for any errors then we also took
  • 00:47:15
    a look at how kgpt connects to an AI
  • 00:47:17
    backend provider to provide you with
  • 00:47:19
    potential Solutions in simple language
  • 00:47:22
    then we also saw how we can integrate
  • 00:47:23
    kgpt with different tools in the cloud
  • 00:47:26
    native ecosystem I think that's a really
  • 00:47:27
    powerful feature and the community is
  • 00:47:29
    actively working to include more
  • 00:47:31
    Integrations into the codebase and
  • 00:47:33
    lastly we also had a nice overview of
  • 00:47:35
    how we can use the kgpt operator and
  • 00:47:38
    some of the additional features like
  • 00:47:39
    slack integration and how you can create
  • 00:47:41
    your custom analyzers now these are some
  • 00:47:43
    features I want you to try out and let
  • 00:47:45
    me know in the comment section down
  • 00:47:46
    below what do you all think about it
  • 00:47:48
    lastly all the resources I showed you in
  • 00:47:50
    this particular video and some
  • 00:47:51
    additional resources I'll be sure to
  • 00:47:53
    link it down in the description box down
  • 00:47:55
    below so you all can check it out out
  • 00:47:57
    and the KGB Community is growing so give
  • 00:47:59
    it a try and don't hesitate to get
  • 00:48:02
    involved in its development as well but
  • 00:48:03
    yeah if you really enjoyed the video
  • 00:48:05
    make sure to hit the Subscribe button I
  • 00:48:07
    think you'll find it somewhere here and
  • 00:48:08
    make sure to hit that like button for
  • 00:48:10
    the algorithm it really helps us out but
  • 00:48:12
    yeah I'll see you all in another video
  • 00:48:14
    bye
Tags
  • AI
  • Kubernetes
  • ChatGPT
  • K8s GPT
  • troubleshooting
  • integration
  • K8s CLI
  • cloud-native
  • Trivy
  • Kverno