Sonobuoy is a diagnostic tool that makes it easier to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests and other plugins in an accessible and non-destructive manner.
golang:1.18
(#1674)A tiny, weekly release but with new information from the results tarball via 65a726ab
A small release as we try and get into the habit of weekly releases.
This release found a surprisingly large amount of new features and improvements including: The common theme in these features is that they are about making what you might already do, better:
--mode=conformance-lite
optionsonobuoy e2e
without having to launch a single pod--aggregator-permissions
)See details for these and other improvements below.
Sonobuoy has a new command sonobuoy modes
which lists the what each of the various --mode
options means for the E2E plugin.
This allows users to choose the appropriate mode without even having to navigate to the web documentation.
Instead, sonobuoy modes
shows the the name of the mode, its purpose, and its focus/skip/parallel values.
A new option for --mode
was added: conformance-lite
which runs the fastest tests from the conformance suite (~80%) in parallel.
This allows running of hundreds of tests in just minutes which can cut down CI and debugging times.
We still get numerous questions regarding what tests from the E2E conformance suite can/should be run or what tags are available.
Built into the conformance tests is a "dry-run" feature which allows you to try out regular expressions and filter the tests without running them.
However, doing this still requires you launch Sonobuoy and e2e pods, gather results, and inspect them.
The new sonobuoy e2e
command will allow you to try out focus/skip values and immediately get the resulting test list.
Not only that, but by editing the output --mode
, you can print only the test tags with or without their respective frequency counts.
Sonobuoy gathers lots of data from the API in order to aid in debugging.
If you want that information without bothering with launching any pods at all, just run sonobuoy query
.
All the query logic has been extracted and made available on the CLI for faster, easier access.
The --aggregator-permissions
options have expanded to include:
clusterRead
which is namespace admin permissions with added read-only permissions at the cluster levelnamespaceAdmin
which has no cluster permissions, only namespaced onesclusterAdmin
In most cases the default is a good choice, but in production clusters where access is more carefully monitored, the other options may be a better fit.
aea30a00 Adjust progress messages to allow for appending data
94b6f18f Allow setting aggregator env vars via CLI
--plugin-env
flag using the reserved plugin name sonobuoy
. For instance, --plugin-env sonobuoy.KEY=val
.9ba34dc2 Modify entrypoint for getting e2e test images
sonobuoy images
to fail for Kubernetes v1.22+c7c47dcd Roles and bindings should have namespace label for deltion
sonobuoy delete --all
to include deleting all cluster roles related to any Sonobuoy run, regardless of namespace.
Added back a "namespace" label for ClusterRoles and ClusterRoleBindings in order to properly associate them with their Sonobuoy run.ec3df495 Continue with run even if unable to query nodes
--aggregator-permissions=namespaceAdmin
option to fail due to the inability to query cluster nodes.