Recommended k8s tools
Here is a list great tools for k8s
Kubernetes Security ๐¶
Sealed Secrets ๐ฅ
I can manage all my K8s config in git, except Secrets.
Solution:
Encrypt your Secret into a SealedSecret, which is safe to store - even to a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret.
kube-bench
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
Falco
Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
kube-score
kube-score is a tool that performs static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient.
KubiScan
A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model
starboard
Starboard integrates security tools into the Kubernetes environment, so that users can find and view the risks that relate to different resources in a Kubernetes-native way...
SRE ๐¶
keda ๐ฅ
drive the scaling of any container in Kubernetes based on the number of events needing to be processed.
Kubernetes Visibility ๐ฆ¶
SigNoz ๐ฅ
SigNoz helps developers monitor applications and troubleshoot problems in their deployed applications. SigNoz uses distributed tracing to gain visibility into your software stack
stern ๐ฅ
Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging.
kube-capacity
This is a simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster. It attempts to combine the best parts of the output from kubectl top and kubectl describe into an easy to use CLI focused on cluster resources.
Logging operator (built-in with RKE) ๐ฅ
The Logging operator automates the deployment and configuration of a Kubernetes logging pipeline. The operator deploys and configures a Fluent Bit daemonset on every node to collect container and application logs from the node file system. Fluent Bit queries the Kubernetes API and enriches the logs with metadata about the pods, and transfers both the logs and the metadata to Fluentd. Fluentd receives, filters, and transfer logs to multiple outputs. Your logs will always be transferred on authenticated and encrypted channels.
Kubernetes Management ๐ป¶
Lens ๐ฅ
Lens is the only IDE youโll ever need to take control of your Kubernetes clusters. It is a standalone application for MacOS, Windows and Linux operating systems. It is open source and free.
Kustomize
kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.
Since v1.14 kubectl announcement the kustomize build system has been included in kubectl.
| kubectl version | kustomize version |
|---|---|
| v1.16.0 | v2.0.3 |
| v1.15.x | v2.0.3 |
| v1.14.x | v2.0.3 |
kubeapps
Kubeapps is a web-based UI for deploying and managing applications in Kubernetes cluster
Krew
Krew is a tool that makes it easy to use kubectl plugins. Krew helps you discover plugins, install and manage them on your machine. It is similar to tools like apt, dnf or brew. Today, over 70 kubectl plugins are available on Krew.
arkade ๐ฅ
arkade provides a simple Golang CLI with strongly-typed flags to install charts and apps to your cluster in one command
Reloader ๐ฅ
Reloader can watch changes in ConfigMap and Secret and do rolling upgrades on Pods with their associated DeploymentConfigs, Deployments, Daemonsets and Statefulsets.
Gravity
Gravity is an upstream Kubernetes packaging solution that takes the drama out of deploying and running applications in someone else's cloud accounts, on-premise data centers, edge locations and other "uncharted territory" environments.
RBAC Lookup
RBAC Lookup is a CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name. Binaries are generated with goreleaser for each release for simple installation.
RBAC Manager
RBAC Manager was designed to simplify authorization in Kubernetes. This is an operator that supports declarative configuration for RBAC with new custom resources. Instead of managing role bindings or service accounts directly, you can specify a desired state and RBAC Manager will make the necessary changes to achieve that state.
kubefwd ๐ฅ
kubefwd is a command line utility built to port forward multiple services within one or more namespaces on one or more Kubernetes clusters. kubefwd uses the same port exposed by the service and forwards it from a loopback IP address on your local workstation. kubefwd temporally adds domain entries to your /etc/hosts file with the service names it forwards.
pluto
This is a very simple utility to help users find deprecated Kubernetes apiVersions in their code repositories and their helm releases.
Kubernetes GitOps ๐¶
keptn ๐ฅ
Keptn is an event-based control plane for continuous delivery and automated operations for cloud-native applications.
werf
werf is not a complete CI/CD solution, but a tool for creating pipelines that can be embedded into any existing CI/CD system. It literally "connects the dots" to bring these practices into your application. We consider it a new generation of high-level CI/CD tools.
Ketch
Ketch makes it extremely easy to deploy and manage applications on Kubernetes using a simple command-line interface. No Kubernetes object YAML is required!
Flux ๐ฅ
Flux is a set of continuous and progressive delivery solutions for Kubernetes, and they are open and extensible
Shipa ๐ฅ
Shipa provides an application-centric way to develop, deploy and manage cloud-native applications without requiring any Kubernetes expertise
Skaffold
Skaffold is a command line tool that facilitates continuous development for Kubernetes applications. You can iterate on your application source code locally then deploy to local or remote Kubernetes clusters. Skaffold handles the workflow for building, pushing and deploying your application. It also provides building blocks and describe customizations for a CI/CD pipeline.
Tilt ๐ฅ
Tilt automates all the steps from a code change to a new process: watching files, building container images, and bringing your environment up-to-date
werf
werf is an Open Source CLI tool written in Go, designed to simplify and speed up the delivery of applications. To use it, you need to describe the configuration of your application (in other words, how to build and deploy it to Kubernetes) and store it in a Git repo โ the latter acts as a single source of truth. In short, that's what we call GitOps today.
kaniko
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.
skopeo
skopeo is a command line utility that performs various operations on container images and image repositories
Kubernetes Testing ๐งช¶
vcluster ๐ฅ
Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
Okteto
Okteto deploys a realistic replica of your stack in Kubernetes and takes care of updating your application to provide continuous feedback as you code.
Kind ๐ฅ
kind is a tool for running local Kubernetes clusters using Docker container 'nodes'. kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI.
k3s (From Rancher)
Lightweight Kubernetes. Easy to install, half the memory, all in a binary less than 100 MB
k3d ๐ฅ
k3s is the lightweight Kubernetes distribution by Rancher: rancher/k3s k3d creates containerized k3s clusters. This means, that you can spin up a multi-node k3s cluster on a single machine using docker.
Litmus
Litmus is a toolset to do cloud-native chaos engineering. Litmus provides tools to orchestrate chaos on Kubernetes to help SREs find weaknesses in their deployments
Kubernetes enterprise ๐ข¶
Zebrium
Kubernetes lets you effortlessly manage distributed apps. Zebrium saves you when something goes wrong
pomerium
Use identity, device-state, and request context to implement zero-trust, achieve compliance, and secure access to your applications, clusters, and servers without a VPN.
Best practices & SRE โ๏ธ¶
production best practices
Graceful AWS scaling event on Kubernetes using lifecycle hooks
Kubestone is a benchmarking Operator that can evaluate the performance of Kubernetes installations.
kubernetes Storage ๐พ¶
Stork
Stork is a Cloud Native storage operator runtime scheduler plugin. It translates a scheduler's orchestration decisions into someting that an external cloud native storage solution can act upon. By doing so, it extends Kubernetes with more stateful awareness of the underlying storage provider, it's capabilities and state.
Kubernetes Network ๐¶
MetalLb
MetalLB is a load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols.
Contour
Contour is an Ingress controller for Kubernetes that works by deploying the Envoy proxy as a reverse proxy and load balancer. Contour supports dynamic configuration updates out of the box while maintaining a lightweight profile.
submariner
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on premise or in the cloud
Serverless ๐¶
OpenFaaS ๐ฅ
OpenFaaS makes it easy for developers to deploy event-driven functions and microservices to Kubernetes without repetitive, boiler-plate coding. Package your code or an existing binary in a Docker image to get a highly scalable endpoint with auto-scaling and metrics.
cdk8s
cdk8s is a software development framework for defining Kubernetes applications and reusable abstractions using familiar programming languages and rich object-oriented APIs. cdk8s generates pure Kubernetes YAML - you can use cdk8s to define applications for any Kubernetes cluster running anywhere.
Kubernetes IOT ๐ฆฟ¶
RDBOX
RDBOX is an advanced IT platform for robotics and IoT developers that highly integrates cloud-native and edge computing technologies
Kubernetes Training ๐ช¶
Containers 101 (CodeFresh)
Build and deploy applications to modern container platforms (with Kubernetes, Docker, and Helm)