
Show HN: Goldpinger – Visualize Kubernetes cluster connectivity - seeker89
https://github.com/bloomberg/goldpinger
======
newaccoutnas
Is there any rationale for running docker with sudo (assuming the non uid0 user
is in the docker group)?
[https://github.com/bloomberg/goldpinger/blob/master/Makefile](https://github.com/bloomberg/goldpinger/blob/master/Makefile)

~~~
cyphar
Not really, _but_ note that adding your user to the docker group is precisely
identical to disabling sudo's password authentication for your user (adding
users to the docker group gives a free privilege escalation from that user to
root).

Now, that said, the Docker client does quite a few things (such as unpacking
archives) that you might not want to be done as root. Especially if the client
is running on a different machine.
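
An added example, not part of the thread and not any commenter's code: since docker-group membership is root-equivalent, a host audit should list accounts that have it without also holding sudo rights. The sketch parses `/etc/passwd` and `/etc/group` text and counts users whose primary GID is the docker group, which the group file's member field does not show. The account names, file contents and the choice of `sudo`/`wheel` as admin groups are assumptions; per-user sudoers rules are not parsed.

```python
# Added example: find accounts that reach root only through the docker group.
# All account names and file contents below are constructed sample data.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
ci:x:1002:998::/home/ci:/usr/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,bob
"""

def parse_groups(text):
    """Return {group_name: (gid, set_of_supplementary_members)}."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, gid, members = line.strip().split(":", 3)
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def members_of(group, passwd_text, groups):
    """Supplementary members plus users whose primary GID is the group."""
    if group not in groups:
        return set()
    gid, members = groups[group]
    result = set(members)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[3].isdigit() and int(fields[3]) == gid:
            result.add(fields[0])  # primary-GID member, absent from /etc/group
    return result

def docker_only_root_paths(passwd_text, group_text, admin_groups=("sudo", "wheel")):
    """Users in the docker group who are not root and not in an admin group."""
    groups = parse_groups(group_text)
    docker = members_of("docker", passwd_text, groups)
    admins = {"root"}
    for g in admin_groups:  # assumed admin groups; sudoers itself is not read
        admins |= members_of(g, passwd_text, groups)
    return sorted(docker - admins)

if __name__ == "__main__":
    print(docker_only_root_paths(SAMPLE_PASSWD, SAMPLE_GROUP))
```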

~~~
ru999gol
Is there any easy way to give each user their own docker runtime? I always
thought it would be very useful, this way you can give all of your users the
ability to easily run all the software they want.

~~~
cyphar
Yes, but it'd currently require giving root access to your users. Rootless
containers[1] is a project I started a while ago, and now (with some patches)
you can run Docker (and Kubernetes) as an unprivileged user. There are some
caveats, but I'd recommend checking it out.

[1]: [https://github.com/rootless-containers](https://github.com/rootless-containers)

------
ptbello
+1 for the clever naming, got me grinning

~~~
seeker89
thanks, gets me every time :D

------
aranair
Just wondering, other than the visualization - what other
functionalities/use-cases does this differ from say node_exporter -> prometheus -> grafana?

~~~
kevml
This solves the reachability problem. In Kubernetes clusters, as well as
traditional virtualized data center setups, it is possible to encounter a
network partition pretty easily. If your assertion is that all nodes and pods
running on those nodes are mutually reachable then we need to make sure that’s
the case. Pinger makes sure that is true!

~~~
aranair
Hmm, in the case of node_exporters, prometheus can be configured to pull
metrics every X interval and if the target is down it can be alerted through
that way too right?

~~~
seeker89
Yes, but that just tests the connectivity prometheus -> node, which won't
detect some network partitions, for example

------
ArtWomb
I always wanted to visualize this as well ;)

Is the goal here visual debugging and management? Where I can simply click on
a node to alleviate pressure / restart ?

~~~
seeker89
Currently the goal is to 1) alert (via prometheus), 2) visualise to quickly
troubleshoot a cluster.

There is no action built into goldpinger - but feel free to suggest what you
had in mind via issues on github !

------
segmondy
Love it! I have a similar idea on my backlog, love to see that it's come to
life. :D

~~~
halbritt
That's the best feeling.

Backlogged issue resolved!

------
gigatexal
Ok this is cool.

