6 Kubernetes Testing Tools to Use in Your DevSecOps Pipelines

DevSecOps Tools to Use in Your DevSecOps Pipelines

Kubernetes testing keeps operations in check in case there are irregularities. In this article, we are discussing some tools used in Kubernetes-based environments for testing.

K6

K6 is a popular Kubernetes testing tool. It has 11.1k stars and 550 forks on GitHub. It is a modern load testing tool and it uses Golang and Javascript. It provides a scripting API, local and cloud execution and a flexible configuration structure.

Some of its features include the following:

Scripting in ES6 JS: support for modules to aid code reusability across an organization
Everything as code: test logic and configuration options are both in JS for version control friendliness
Automation-friendly: checks (like asserts) and thresholds for easy and flexible CI configuration
HTTP/1.1, HTTP/2, WebSocket, and gRPC protocol support
TLS features: client certificates, configurable SSL/TLS versions and ciphers
Batteries included: Cookies, Crypto, Custom metrics, Encodings, Environment variables, JSON, HTML forms, files, flexible execution control, and more.
Built-in HAR converter: record browser sessions as .har files and directly convert them to k6 scripts
Flexible metrics storage and visualization: InfluxDB (+Grafana), JSON or k6 Cloud
Cloud execution and distributed tests (currently only on infrastructure managed by Load Impact, with native distributed execution in k6 planned for the near future

Test-Infra

The Testinfra tool is a collection of other tools and result verification. It has several dashboards that display different metrics and results like history, failures, PRs to be merged, trigger tests, running jobs, and other things.

Mainly Testinfra allows developers to write unit tests in Python to test the actual state of their servers configured by management tools like Salt, Ansible, Puppet, and Chef..etc Testinfra comes with several Kubernetes (and non-Kubernetes) connection backends for remote command execution like Docker, Podman, Kubectl.

The kubectl backend, for instance, can be used to test containers running in Kubernetes. It uses the kubectl exec command and support connecting to a given container name within a pod and using a given namespace:

# will use the default namespace and default container
$ py.test --hosts='kubectl://mypod-a1b2c3'
# specify container name and namespace
$ py.test --hosts='kubectl://somepod-2536ab?container=nginx&namespace=web'
# specify the kubeconfig context to use
$ py.test --hosts='kubectl://somepod-2536ab?context=k8s-cluster-a&container=nginx'
# you can specify kubeconfig either from KUBECONFIG environment variable
# or when working with multiple configuration with the "kubeconfig" option
$ py.test --hosts='kubectl://somepod-123?kubeconfig=/path/kubeconfig,kubectl://otherpod-123?kubeconfig=/other/kubeconfig'

Other examples are available on the official documentation.

Test-Infra can perform end-to-end testing for full Kubernetes lifecycle emulation on different providers.

It has 2.5k stars and 1.7 forks on GitHub.

Kube-Monkey

In dealing with Kubernetes clusters, Kube-monkey is a testing tool that involves the implementation of Netflix’s Chaos Monkey. Meanwhile, a chaos monkey is a resiliency tool that helps applications tolerate random instance failures in the production environment. Kube-Monkey has 1.9k stars and 176 forks on GitHub.

What the Kube-Monkey tool does is to randomly delete some K8s pods in the cluster which will foster the development of services that are resistant to failures.

The testing tool runs with some certain configurations, for instance, a pre-configured hour for weekdays, scheduling of deployments that will face random death sometime during the day then finally the time that the pod destruction will occur can be set.

Litmus

Litmus is another Chaos Engineering tool.

Developers can use this tool to find weaknesses and loopholes in their deployments. It can be used in staging environments to experiment and in a production environment to find bugs and vulnerabilities and make Kubernetes more secure and resilient.

Litmus can be easily installed using Helm and is a Cloud Native Computing Foundation sandbox project. The project is mainly developed by MayaData, organizer of Chaos Carnival.

Litmus has 1.4k stars and 303 forks on GitHub.

Kube-Score

KubeScore is used for object analysis to foster improved reliability and security in Kubernetes clusters.

The tool is used to perform static code analysis of Kubernetes Object definitions and the output is usually a list of recommendations that will tell the engineers how to improve the security and resiliency of the application.

KubeScore has 1.1k stars and 63 forks on GitHub. It can be installed using some distributions like Docker, pre-built binaries for Windows, macOS and Linux, Homebrew, and Krew. It can also be used online.

KubeLibrary

KubeLibrary is built based on the official python Kubernetes Client that connects to the Kubernetes cluster while executing any Kubernetes API command.

Generally, in running end to end test, there is a need to ensure the system under test is readily available and runs on the latest deployed version. With KubeLibrary, tests could be built to perform this activity.

Also, KubeLibrary helps users to easily verify running objects in any cluster by building tests. Some examples of such tests can be found in the GitHub repository. On GitHub, it has 54 stars and 8 forks.

kubernetes Banner. Image Courtesy: https://kubernetes.io/

All the tools that have been detailed above are free and open-source. Testing in general and specifically in complex and distributed systems like Kubernetes is critical and enables teams to set up a continuous learning process and a DevOps feedback loop.

Get similar stories in your inbox weekly, for free

Share this story:

The Chief I/O

The team behind this website. We help IT leaders, decision-makers and IT professionals understand topics like Distributed Computing, AIOps & Cloud Native