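Container Security - K8sGPT

ccvgpt 2024-08-16 15:03:25 Basic Tutorials

K8sGPT is a cloud-native intelligent tool that provides a simple, efficient way to scan a K8s cluster, diagnose problems with the cluster, its nodes and its Pods, and suggest fixes.


Install with brew: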

brew tap k8sgpt-ai/k8sgpt

brew install k8sgpt

k8sgpt auth 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 ## connect to the OpenAI API


Install from the RPM package: ## https://github.com/k8sgpt-ai/k8sgpt

wget https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.13/k8sgpt_arm64.rpm

rpm -ivh k8sgpt_arm64.rpm

k8sgpt auth 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 ## connect to the OpenAI API


Install from the binary release:

wget https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.13/k8sgpt_Linux_arm64.tar.gz

tar -zxvf k8sgpt_Linux_arm64.tar.gz

cp k8sgpt /usr/local/bin/k8sgpt && chmod +x /usr/local/bin/k8sgpt

k8sgpt auth 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 ## connect to the OpenAI API


Install into the K8s cluster as an administrator: ## https://github.com/k8sgpt-ai/k8sgpt-operator

helm repo add k8sgpt https://charts.k8sgpt.ai/

helm repo update

helm install release k8sgpt/k8sgpt-operator -n k8sgpt-operator-system --create-namespace


kubectl api-resources | grep -i gpt ## two CRDs are created automatically


OPENAI_TOKEN=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

kubectl create secret generic k8sgpt-sample-secret --from-literal=openai-api-key=$OPENAI_TOKEN -n k8sgpt-operator-system ## the Secret must be in the same namespace as the K8sGPT resource that references it

or

kubectl create secret generic k8sgpt-sample-secret --from-literal=azure-api-key=$AZURE_TOKEN -n k8sgpt-operator-system ## when using Azure OpenAI


[root@k8s-master-01 k8sgpt]# kubectl apply -f - << EOF
apiVersion: core.k8sgpt.ai/v1alpha1
kind: K8sGPT
metadata:
  name: k8sgpt-sample
  namespace: k8sgpt-operator-system
spec:
  ai:
    enabled: true
    model: gpt-3.5-turbo
    backend: openai
    secret:
      name: k8sgpt-sample-secret
      key: openai-api-key
    # anonymized: false
    # language: english
  noCache: false
  version: v0.3.13
  # filters:
  #   - Ingress
  # sink:
  #   type: slack
  #   webhook: <webhook-url>
  # extraOptions:
  #   backstage:
  #     enabled: true
EOF


[root@k8s-master-01 k8sgpt]# kubectl apply -f - << EOF
apiVersion: core.k8sgpt.ai/v1alpha1
kind: K8sGPT
metadata:
  name: k8sgpt-sample
  namespace: k8sgpt-operator-system
spec:
  ai:
    enabled: true
    secret:
      name: k8sgpt-sample-secret
      key: azure-api-key
    model: gpt-35-turbo
    backend: azureopenai
    baseUrl: https://k8sgpt.openai.azure.com/
    engine: llm
  noCache: false
  version: v0.3.13
EOF


[root@k8s-master-01 k8sgpt]# kubectl apply -f - << EOF
apiVersion: core.k8sgpt.ai/v1alpha1
kind: K8sGPT
metadata:
  name: k8sgpt-local-ai
  namespace: default
spec:
  ai:
    enabled: true
    model: ggml-gpt4all-j
    backend: localai
    baseUrl: http://local-ai.<namespace>.svc.cluster.local:8080/v1
  noCache: false
  version: v0.3.13
EOF


Connect to the OpenAI API:

[root@k8s-master-01 k8sgpt]# k8sgpt generate

Please open: https://beta.openai.com/account/api-keys to generate a key for openai

Please copy the generated key and run `k8sgpt auth` to add it to your config file

[root@k8s-master-01 k8sgpt]# k8sgpt auth add -p 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 -m gpt-3.5-turbo -b openai

openai added to the AI backend provider list


View and change the default AI provider:

[root@k8s-master-01 k8sgpt]# k8sgpt auth list ## AI providers currently supported: openai (default)/localai/azureopenai/noopai/cohere

Default:

> openai

Active:

> openai

> azureopenai

Unused:

> localai

> noopai


[root@k8s-master-01 k8sgpt]# k8sgpt auth default -p azureopenai ## set a new default AI provider

Default provider set to azureopenai


k8sgpt auth add --backend localai --model <model_name> --baseurl http://localhost:8080/v1 ## switch to localai

k8sgpt analyze --explain --backend localai


k8sgpt auth add --backend azureopenai --baseurl https://<your Azure OpenAI endpoint> --engine <deployment_name> --model <model_name> ## switch to azureopenai; enter the API key when prompted

k8sgpt analyze --explain --backend azureopenai


k8sgpt auth add --backend cohere --model command-nightly ## switch to cohere; enter the API key when prompted

k8sgpt analyze --explain --backend cohere


By default K8sGPT stores its data in plaintext in the k8sgpt.yaml file (including the AI key):

OS        Path
MacOS     ~/Library/Application Support/k8sgpt/k8sgpt.yaml
Linux     ~/.config/k8sgpt/k8sgpt.yaml
Windows   %LOCALAPPDATA%/k8sgpt/k8sgpt.yaml
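
Because the AI key sits in that file in plaintext, the file's permissions are the only thing protecting it. The following script is an added example, not part of the original article or of the K8sGPT project: it checks whether a k8sgpt.yaml holding a key is readable by anyone other than its owner. The function names are hypothetical, and it assumes keys are stored as `password:` entries under each provider.

```shell
#!/usr/bin/env bash
# Added example: audit the plaintext k8sgpt.yaml for stored API keys.
# Assumption: credentials are stored as "password:" entries under each provider.

k8sgpt_config_path() {
  # Default locations from the table above (macOS and Linux).
  case "$(uname -s)" in
    Darwin) printf '%s\n' "$HOME/Library/Application Support/k8sgpt/k8sgpt.yaml" ;;
    *)      printf '%s\n' "$HOME/.config/k8sgpt/k8sgpt.yaml" ;;
  esac
}

file_mode() {
  # GNU stat first, BSD/macOS stat as fallback; prints the octal mode, e.g. 644.
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_k8sgpt_config() {
  # Returns 0 = acceptable, 1 = stored key readable beyond the owner, 2 = no file.
  local cfg mode secrets
  cfg="${1:-$(k8sgpt_config_path)}"
  [ -f "$cfg" ] || { echo "no config at $cfg"; return 2; }
  mode="$(file_mode "$cfg")"
  # Count non-empty password entries without printing their values.
  secrets="$(grep -cE '^[[:space:]-]*password:[[:space:]]*[^[:space:]]' "$cfg" || true)"
  echo "$cfg mode=$mode stored_secrets=$secrets"
  [ "$secrets" -gt 0 ] || return 0
  # The last two octal digits are the group and other bits; both must be 0.
  case "$mode" in
    0|*00) return 0 ;;
    *) echo "WARN: API key readable beyond the owner, fix with: chmod 600 \"$cfg\""
       return 1 ;;
  esac
}

harden_k8sgpt_config() {
  # Restrict the file to its owner, then audit again.
  local cfg
  cfg="${1:-$(k8sgpt_config_path)}"
  chmod 600 "$cfg" && audit_k8sgpt_config "$cfg"
}
```

After sourcing the script, run `audit_k8sgpt_config` with no argument to check the default location for the current user, or pass a path explicitly.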


Built-in analyzers: ## custom analyzers can also be defined

  • Enabled by default:
  1. podAnalyzer
  2. pvcAnalyzer
  3. rsAnalyzer
  4. serviceAnalyzer
  5. eventAnalyzer
  6. ingressAnalyzer
  7. statefulSetAnalyzer
  8. deploymentAnalyzer
  9. cronJobAnalyzer
  10. nodeAnalyzer


  • Optional:
  1. hpaAnalyzer
  2. pdbAnalyzer
  3. networkPolicyAnalyzer



[root@k8s-master-01 k8sgpt]# k8sgpt analyze -a

AI Provider: openai


No problems detected
