Skip to content

Using Integration and Filters in K8sGPT

K8sGPT offers integration with other tools. Once an integration is added to K8sGPT, it is possible to use its resources as additional filters.

  • Filters are a way of selecting which resources you wish to be part of your default analysis.
  • Integrations are a way to add resources to the filter list.

The first integration that has been added is Trivy. Trivy is an open source, cloud native security scanner, maintained by Aqua Security.

K8sGPT also supports a Prometheus integration. Prometheus is an open source monitoring solution.

Use the following command to access all K8sGPT CLI options related to integrations:

k8sgpt integrations

Prerequisites

For using the K8sGPT integrations please ensure that you have the latest version of the K8sGPT CLI installed. Also, please make sure that you are connected to a Kubernetes cluster.

Activating a new integration

Prerequisites

  • Connected to a running Kubernetes cluster, any cluster will work for demonstration purposes.

To list all integrations run the following command:

k8sgpt integrations list

This will provide you with a list of available integrations.

Trivy

Activate the Trivy integration:

k8sgpt integration activate trivy

Once activated, you should see the following success message displayed:

Activated integration trivy

This will install the Trivy Kubernetes Operator into the Kubernetes cluster and make it possible for K8sGPT to interact with the results of the Operator.

Once the Trivy Operator is installed inside the cluster, K8sGPT will have access to VulnerabilityReports and ConfigAuditReports:

❯ k8sgpt filters list

Active:
> VulnerabilityReport (integration)
> Pod
> ConfigAuditReport (integration)
Unused:
> PersistentVolumeClaim
> Service
> CronJob
> Node
> MutatingWebhookConfiguration
> Deployment
> StatefulSet
> ValidatingWebhookConfiguration
> ReplicaSet
> Ingress
> HorizontalPodAutoScaler
> PodDisruptionBudget
> NetworkPolicy

More information can be found on the official Trivy-Operator documentation.

Using the new filters to analyze your cluster

Any of the filters listed in the previous section can be used as part of the k8sgpt analyze command.

To use the VulnerabilityReport filter from the Trivy integration, set it through the --filter flag:

k8sgpt analyze --filter VulnerabilityReport

This command will analyze your cluster Vulnerabilities through K8sGPT. Depending on the VulnerabilityReports available in your cluster, the result of the report will look different:

❯ k8sgpt analyze --filter VulnerabilityReport

0 demo/nginx-deployment-7bcfc88bbf(Deployment/nginx-deployment)
- Error: critical Vulnerability found ID: CVE-2023-23914 (learn more at: https://avd.aquasec.com/nvd/cve-2023-23914)
- Error: critical Vulnerability found ID: CVE-2023-27536 (learn more at: https://avd.aquasec.com/nvd/cve-2023-27536)
- Error: critical Vulnerability found ID: CVE-2023-23914 (learn more at: https://avd.aquasec.com/nvd/cve-2023-23914)
- Error: critical Vulnerability found ID: CVE-2023-27536 (learn more at: https://avd.aquasec.com/nvd/cve-2023-27536)
- Error: critical Vulnerability found ID: CVE-2019-8457 (learn more at: https://avd.aquasec.com/nvd/cve-2019-8457)

Prometheus

The Prometheus integration does not deploy resources in your cluster. Instead, it detects a running Prometheus stack in the provided namespace using the --namespace flag. If you do not have Prometheus running, you can install it using prometheus-operator or kube-prometheus.

Activate the Prometheus integration:

k8sgpt integration activate prometheus --namespace <namespace>

If successful, you should see the following success message displayed:

Activating prometheus integration...
Found existing installation
Activated integration prometheus

Otherwise, it will report an error:

Activating prometheus integration...
Prometheus installation not found in namespace: <namespace>.
                Please ensure Prometheus is deployed to analyze.
Error: no prometheus installation found

Once activated, K8sGPT will have access to new filters:

❯ k8sgpt filters list

Active:
> PersistentVolumeClaim
> Service
> ValidatingWebhookConfiguration
> MutatingWebhookConfiguration
> PrometheusConfigRelabelReport (integration)
> Deployment
> CronJob
> Node
> Pod
> PrometheusConfigValidate (integration)
> Ingress
> StatefulSet
> PrometheusConfigReport
> ReplicaSet
Unused:
> HorizontalPodAutoScaler
> PodDisruptionBudget
> NetworkPolicy
> Log
> GatewayClass
> Gateway
> HTTPRoute

Using the new filters to analyze your cluster

Any of the filters listed in the previous section can be used as part of the k8sgpt analyze command.

The PrometheusConfigValidate analyzer does a basic "sanity-check" on your Prometheus configuration to ensure it is formatted correctly and that Prometheus can load it properly. For example, if Prometheus is deployed in the monitoring namespace and has a bad config, we can analyze the issue using the --filter flag:

❯ k8sgpt analyze --filter PrometheusConfigValidate --namespace monitoring --explain

0 monitoring/prometheus-test-0(StatefulSet/prometheus-test)
- Error: error validating Prometheus YAML configuration: unknown relabel action "keeps"
Error: Unknown relabel action "keeps" in Prometheus configuration.

Solution:
1. Check the Prometheus documentation for valid relabel actions.
2. Correct the relabel action to a valid one, such as "keep" or "drop".
3. Ensure the relabel configuration is correct and matches the intended behavior.
4. Restart Prometheus to apply the changes.

The PrometheusConfigRelabelReport analyzer parses your Prometheus relabeling rules and reports groups of labels needed by your targets to be scraped successfully.

❯ k8sgpt analyze --filter PrometheusConfigRelabelReport --namespace monitoring --explain

Discovered and parsed Prometheus scrape configurations.
For targets to be scraped by Prometheus, ensure they are running with
at least one of the following label sets:
- Job: prom-example
  - Service Labels:
    - app.kubernetes.io/name=prom-example
  - Pod Labels:
    - app.kubernetes.io/name=prom-example
  - Namespaces:
    - default
  - Ports:
    - metrics
  - Containers:
    - prom-example
- Job: collector
  - Service Labels:
    - app.kubernetes.io/name=collector
  - Pod Labels:
    - app.kubernetes.io/name=collector
  - Namespaces:
    - monitoring
  - Ports:
    - prom-metrics
  - Containers:
    - collector

Note: the LLM prompt includes a subset of your Prometheus relabeling rules to avoid using too many tokens, so you may not see every label set in the output.

AWS

The AWS Operator is a tool that allows Kubernetes to manage AWS resources directly, making it easier to integrate AWS services with other Kubernetes applications. This integration helps K8sGPT to interact with the AWS resources managed by the Operator. As a result, you can use K8sGPT to analyze and manage not only your Kubernetes resources but also your AWS resources that are under the management of the AWS Operator.

Activate the AWS integration:

k8sgpt integration activate aws

Once activated, you should see the following success message displayed:

Activated integration aws

This will activate the AWS Kubernetes Operator into the Kubernetes cluster and make it possible for K8sGPT to interact with the results of the Operator.

Once the AWS integration is activated inside the cluster, K8sGPT will have access to EKS:

❯ k8sgpt filters list

Active:
> StatefulSet
> Ingress
> Pod
> Node
> ValidatingWebhookConfiguration
> Service
> EKS (integration)
> PersistentVolumeClaim
> MutatingWebhookConfiguration
> CronJob
> Deployment
> ReplicaSet
Unused:
> Log
> GatewayClass
> Gateway
> HTTPRoute
> HorizontalPodAutoScaler
> PodDisruptionBudget
> NetworkPolicy

More information can be found on the official AWS-Operator documentation.

Using the new filters to analyze your cluster

Any of the filters listed in the previous section can be used as part of the k8sgpt analyze command.

Note: Ensure the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set as outlined in the AWS CLI environment variables documentation.

To use the EKS filter from the AWS integration, specify it with the --filter flag:

k8sgpt analyze --filter EKS

This command analyzes your cluster's EKS resources using K8sGPT. Make sure your EKS cluster is working in the specified namespace. The report's results will vary based on the EKS reports available in your cluster.

Adding and removing default filters

Remove default filters

k8sgpt filters add [filter(s)]
  • Simple filter : k8sgpt filters add Service
  • Multiple filters : k8sgpt filters add Ingress,Pod

Remove default filters

k8sgpt filters remove [filter(s)]
  • Simple filter : k8sgpt filters remove Service
  • Multiple filters : k8sgpt filters remove Ingress,Pod