Recommended k8s tools
Here is a list of great tools for k8s.
Kubernetes Security 🔐
Sealed Secrets 🔥
I can manage all my K8s config in git, except Secrets.
Encrypt your Secret into a SealedSecret, which is safe to store - even to a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret.
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
Kyverno is a policy engine built for Kubernetes
kube-score is a tool that performs static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient.
A tool for scanning a Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model.
Starboard integrates security tools into the Kubernetes environment, so that users can find and view the risks that relate to different resources in a Kubernetes-native way...
Kubernetes Visibility 🔦
Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging.
This is a simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster. It attempts to combine the best parts of the output from kubectl top and kubectl describe into an easy to use CLI focused on cluster resources.
Logging operator (built-in with RKE) 🔥
The Logging operator automates the deployment and configuration of a Kubernetes logging pipeline. The operator deploys and configures a Fluent Bit daemonset on every node to collect container and application logs from the node file system. Fluent Bit queries the Kubernetes API and enriches the logs with metadata about the pods, and transfers both the logs and the metadata to Fluentd. Fluentd receives, filters, and transfers logs to multiple outputs. Your logs will always be transferred on authenticated and encrypted channels.
Kubernetes Management 💻
Lens is the only IDE you’ll ever need to take control of your Kubernetes clusters. It is a standalone application for macOS, Windows and Linux operating systems. It is open source and free.
kubectx is a utility to manage and switch between kubectl contexts
klum - Kubernetes Lazy User Manager
kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.
Since the kubectl v1.14 announcement, the kustomize build system has been included in kubectl.
|kubectl version||kustomize version|
Kubeapps is a web-based UI for deploying and managing applications in a Kubernetes cluster.
Krew is a tool that makes it easy to use kubectl plugins. Krew helps you discover plugins, install and manage them on your machine. It is similar to tools like apt, dnf or brew. Today, over 70 kubectl plugins are available on Krew.
arkade provides a simple Golang CLI with strongly-typed flags to install charts and apps to your cluster in one command
Reloader can watch changes in ConfigMap and Secret and do rolling upgrades on Pods with their associated DeploymentConfigs, Deployments, Daemonsets and Statefulsets.
Gravity is an upstream Kubernetes packaging solution that takes the drama out of deploying and running applications in someone else's cloud accounts, on-premise data centers, edge locations and other "uncharted territory" environments.
RBAC Lookup is a CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name. Binaries are generated with goreleaser for each release for simple installation.
RBAC Manager was designed to simplify authorization in Kubernetes. This is an operator that supports declarative configuration for RBAC with new custom resources. Instead of managing role bindings or service accounts directly, you can specify a desired state and RBAC Manager will make the necessary changes to achieve that state.
kubefwd is a command line utility built to port forward multiple services within one or more namespaces on one or more Kubernetes clusters. kubefwd uses the same port exposed by the service and forwards it from a loopback IP address on your local workstation. kubefwd temporarily adds domain entries to your /etc/hosts file with the service names it forwards.
This is a very simple utility to help users find deprecated Kubernetes apiVersions in their code repositories and their helm releases.
Kubernetes GitOps 🚀
Helmfile is a declarative spec for deploying helm charts
Ketch makes it extremely easy to deploy and manage applications on Kubernetes using a simple command-line interface. No Kubernetes object YAML is required!
Flux is a set of continuous and progressive delivery solutions for Kubernetes, and they are open and extensible
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
Shipa provides an application-centric way to develop, deploy and manage cloud-native applications without requiring any Kubernetes expertise
Skaffold is a command line tool that facilitates continuous development for Kubernetes applications. You can iterate on your application source code locally then deploy to local or remote Kubernetes clusters. Skaffold handles the workflow for building, pushing and deploying your application. It also provides building blocks and describes customizations for a CI/CD pipeline.
Client-Only Developer Tool for Cloud-Native Development with Kubernetes
werf is an Open Source CLI tool written in Go, designed to simplify and speed up the delivery of applications. To use it, you need to describe the configuration of your application (in other words, how to build and deploy it to Kubernetes) and store it in a Git repo — the latter acts as a single source of truth. In short, that's what we call GitOps today.
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.
skopeo is a command line utility that performs various operations on container images and image repositories
Kubernetes Testing 🧪
Spin up fresh, automated dev environments for each task in the cloud, in seconds.
Okteto deploys a realistic replica of your stack in Kubernetes and takes care of updating your application to provide continuous feedback as you code.
kind is a tool for running local Kubernetes clusters using Docker container 'nodes'. kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI.
k3s (From Rancher)
Lightweight Kubernetes. Easy to install, half the memory, all in a binary less than 100 MB
k3s is the lightweight Kubernetes distribution by Rancher: rancher/k3s. k3d creates containerized k3s clusters. This means that you can spin up a multi-node k3s cluster on a single machine using Docker.
Litmus is a toolset to do cloud-native chaos engineering. Litmus provides tools to orchestrate chaos on Kubernetes to help SREs find weaknesses in their deployments
Kubernetes enterprise 🏢
Kubernetes lets you effortlessly manage distributed apps. Zebrium saves you when something goes wrong
Use identity, device-state, and request context to implement zero-trust, achieve compliance, and secure access to your applications, clusters, and servers without a VPN.
Best practices & SRE ✔️
production best practices
Graceful AWS scaling event on Kubernetes using lifecycle hooks
Kubestone is a benchmarking Operator that can evaluate the performance of Kubernetes installations.
Kubernetes Storage 💾
Longhorn is a distributed block storage system for Kubernetes.
Stork is a Cloud Native storage operator runtime scheduler plugin. It translates a scheduler's orchestration decisions into something that an external cloud native storage solution can act upon. By doing so, it extends Kubernetes with more stateful awareness of the underlying storage provider, its capabilities and state.
Kubernetes Network 🌏
MetalLB is a load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols.
A Load-Balancer for both inside and outside a Kubernetes cluster
Contour is an Ingress controller for Kubernetes that works by deploying the Envoy proxy as a reverse proxy and load balancer. Contour supports dynamic configuration updates out of the box while maintaining a lightweight profile.
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on premise or in the cloud
OpenFaaS makes it easy for developers to deploy event-driven functions and microservices to Kubernetes without repetitive, boiler-plate coding. Package your code or an existing binary in a Docker image to get a highly scalable endpoint with auto-scaling and metrics.
cdk8s is a software development framework for defining Kubernetes applications and reusable abstractions using familiar programming languages and rich object-oriented APIs. cdk8s generates pure Kubernetes YAML - you can use cdk8s to define applications for any Kubernetes cluster running anywhere.
Kubernetes IOT 🦿
RDBOX is an advanced IT platform for robotics and IoT developers that highly integrates cloud-native and edge computing technologies
Kubernetes Training 💪
MSB Library 🔥
Learn k8s (currently free)
Learn Kubernetes using Interactive Browser-Based Scenarios
Containers 101 (CodeFresh)
Build and deploy applications to modern container platforms (with Kubernetes, Docker, and Helm)