K8s Cluster Management
- kubespray – Deploy a Production Ready Kubernetes Cluster
- kops – kops helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters from the command line. AWS is currently officially supported, with GCE in beta support, and VMware vSphere in alpha, and other platforms planned.
- Kube-ops-view – Kubernetes Operational View – read-only system dashboard for multiple K8s clusters
- Kubeprompt – Kubernetes prompt info
- Metalk8s – An opinionated Kubernetes distribution with a focus on long-term on-prem deployments
- kind – Kubernetes IN Docker – local clusters for testing Kubernetes
- Clusterman – Autoscale and Manage your compute clusters – Cluster Autoscaler for Kubernetes and Mesos
- Cert-manager – Automatically provision and manage TLS certificates
- Goldilocks – Get your resource requests “Just Right”
- katafygio – Dump, or continuously backup Kubernetes objects as yaml files in git
- Sealed Secrets – A Kubernetes controller and tool for one-way encrypted Secrets
- OpenKruise/Kruise – Automate application workloads management on Kubernetes https://openkruise.io
- kubectl snapshot – Take Cluster Snapshots
- Kubernetes Job/CronJob Notifier – Kubernetes Job/CronJob Notifier
- Kubernetes Janitor – Clean up (delete) Kubernetes resources after a configured TTL
- Grafana Tanka – Tanka is a composable configuration utility for Kubernetes. It leverages the Jsonnet language to realize flexible, reusable and concise configuration
- KubeDirector – Kubernetes Director (aka KubeDirector) for deploying and managing stateful applications on Kubernetes
Cluster control plane (AKA master) and Worker components
- kubelet – The primary node agent that runs on each node. The kubelet takes a set of PodSpecs and ensures that the described containers are running and healthy.
- Container runtime – The container runtime is the Docker engine, which resides on each node
- kube-proxy – Can do simple TCP/UDP stream forwarding or round-robin TCP/UDP forwarding across a set of back-ends.
- kube-apiserver – REST API that validates and configures data for API objects such as pods, services, replication controllers.
- Cluster state store – All persistent cluster state is stored in an instance of etcd. This provides a way to store configuration data reliably.
- kube-controller-manager – Daemon that embeds the core control loops shipped with Kubernetes.
- kube-scheduler – Scheduler that manages availability, performance, and capacity.
- Federation – A single Kubernetes cluster may span multiple availability zones.
- federation-apiserver – API server for federated clusters.
- federation-controller-manager – Daemon that embeds the core control loops shipped with Kubernetes federation
Managed Kubernetes Service and Platform in Cloud
- Google Container Engine – Google Kubernetes Engine is a powerful cluster manager and orchestration system for running your Docker containers.
- Amazon Elastic Kubernetes Service (Amazon EKS) – Amazon Elastic Container Service for Kubernetes (Amazon EKS) makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS.
- Azure Kubernetes Service (AKS) – The fully managed Azure Kubernetes Service (AKS) makes deploying and managing containerised applications easy. It offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience and enterprise-grade security and governance.
- DigitalOcean Kubernetes – DigitalOcean Kubernetes includes a master server instance for free. Pricing for Kubernetes workloads is based on actual usage by the applications you deploy to your cluster. This includes Droplets, and may include persistent Block Storage, and Load Balancers.
- IBM Cloud Kubernetes service – IBM Cloud™ Kubernetes Service is a managed container service for the rapid delivery of applications that can bind to advanced services like IBM Watson® and blockchain. As a certified K8s provider, IBM Cloud Kubernetes Service provides intelligent scheduling, self-healing, horizontal scaling, service discovery and load balancing, automated rollouts and rollbacks, and secret and configuration management.
- Alibaba Cloud Kubernetes (ACK) – Container Service for Kubernetes (ACK) is a fully managed service. ACK is integrated with services such as virtualization, storage, network and security, providing users with high-performance and scalable Kubernetes environments for containerized applications. Alibaba Cloud is a Kubernetes Certified Service Provider (KCSP), and ACK is certified by the Certified Kubernetes Conformance Program, which ensures a consistent Kubernetes experience and workload portability.
K8s Cluster with core CLI tools
- Bootkube – Launch a self-hosted Kubernetes cluster
- kubectx + kubens – Switch faster between clusters and namespaces in kubectl
- kube-shell – Kubernetes shell: An integrated shell for working with the Kubernetes
- kuttle: kubectl wrapper for sshuttle without SSH – Kubernetes wrapper for sshuttle
- kubectl sudo – Run kubernetes commands with the security privileges of another user
- K9s – Kubernetes CLI To Manage Your Clusters In Style!
- Ktunnel – A cli that exposes your local resources to kubernetes
- Kubemqctl – Kubemqctl is a command line interface (CLI) for KubeMQ, Kubernetes Message Broker https://kubemq.io
- kubectl-aliases – Programmatically generated handy kubectl aliases. https://ahmet.im/blog/kubectl-aliases/
- go-kubectx – 5x-10x faster alternative to kubectx. Uses client-go
- kubectl – Main CLI tool for running commands and managing Kubernetes clusters.
- JSONPath – Syntax guide for using JSONPath expressions with kubectl.
- kubeadm – CLI tool to easily provision a secure Kubernetes cluster.
- kubefed – CLI tool to help you administrate your federated clusters.
- Minikube – This is the simplest way to get a Kubernetes cluster on your Mac or Windows machine.
- kubectl completion bash: Autocompletion for kubectl. The kubectl completion script for Bash can be generated with the command kubectl completion bash. Sourcing the completion script in your shell enables kubectl autocompletion. However, the completion script depends on bash-completion.
- kube-ps1: Kubernetes prompt for bash and zsh: context/namespace info to your shell prompt
Kubernetes official Add ons
- Ingress controller
- Heapster (resource monitoring)
- Dashboard (GUI)
K8s Alert and Monitoring
Kiali – Kiali project, observability for the Istio service mesh
Prometheus – The Prometheus monitoring system and time series database.
Grafana – The tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More
Kubetail – Bash script to tail Kubernetes logs from multiple pods at the same time
Searchlight – Alerts for Kubernetes
linkerd2 Monitoring Mixin for Grafana – Grafana dashboards for linkerd2 monitoring that can work in a standalone (default) or multi-cluster setup
kuberhaus – Kubernetes resource dashboard with node/pod layout and resource requests
Kubernetes Job/CronJob Notifier – This tool sends an alert to slack whenever there is a Kubernetes cronJob/Job failure/success
PowerfulSeal – A powerful testing tool for Kubernetes clusters
Crash-diagnostic – Crash-Diagnostics is a tool to help investigate, analyze, and troubleshoot unresponsive or crashed Kubernetes clusters
K9s – Kubernetes CLI To Manage Your Clusters In Style!
Kubernetes CLI Plugin – Doctor – kubectl cluster triage plugin for k8s (brew doctor equivalent)
Knative Inspect – A light-weight debugging tool for Knative’s system components
Kubeman – To find information from Kubernetes clusters, and to investigate issues related to Kubernetes and Istio
Kubectl-debug – Debug your pod by a new container with all troubleshooting tools pre-installed
ksniff – Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
K8s Development Tools
Okteto: A Tool for Cloud Native Developers – Build better applications by developing and testing your code directly in Kubernetes
Tilt: Tilt manages local development instances for teams that deploy to Kubernetes – Local Kubernetes development with no stress
Garden: Kubernetes from source to finish – Development orchestrator for Kubernetes, containers and functions.
KuberNix – Single dependency Kubernetes clusters for local testing, experimenting and development
Copper – A configuration file validator for Kubernetes
ko – Build and deploy Go applications on Kubernetes
Makisu – Fast and flexible Docker image building tool, works in unprivileged containerized environments like Mesos and Kubernetes
KUDO – Kubernetes Universal Declarative Operator (KUDO) provides a declarative approach to building production-grade Kubernetes operators
Aegir – Validation Webhook for Kubernetes based on LIVR rules (https://livr-spec.org)
K8s Alternative Tools for Development
KubeSphere – Easy-to-use Production Ready Container Platform https://kubesphere.io
skippbox – A Desktop application for k8s
Micronetes – Micronetes is a local orchestrator inspired by kubernetes that makes developing and testing microservices and distributed applications easier
k3c – Classic Docker for a Kubernetes world – Lightweight local container engine for container development
Tilt – Local Kubernetes development with no stress https://tilt.dev/
K8s CI/CD integration Automation Tools
Skaffold – Easy and Repeatable Kubernetes Development
Apollo – The logz.io continuous deployment solution over kubernetes
Helm Cabin – Web UI that visualizes Helm releases in a Kubernetes cluster
flagger – Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
Kubeform – Kubernetes CRDs for Terraform providers https://kubeform.com
Spinnaker – Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. http://www.spinnaker.io/
Helmsman – Helm Charts as Code
Argo – Argo Workflows: Get stuff done with Kubernetes
trireme-kubernetes – Aporeto integration with Kubernetes Network Policies
Calico – Cloud native connectivity and network policy
kubepox – Kubernetes network Policy eXploration tool
kokotap – Tools for kubernetes pod network tapping
Submariner – Connect all your Kubernetes clusters, no matter where they are in the world
egress-operator – An operator to produce egress gateway pods and control access to them with network policies
K8s Testing Tools
Network bandwidth and load testing – Test suite for Kubernetes
test-infra – Test infrastructure for the Kubernetes project
kube-score – Kubernetes object analysis with recommendations for improved reliability and security
Litmus – Cloud-Native Chaos Engineering; Kubernetes-Native Chaos Engineering; Chaos Engineering for Kubernetes
Service Mesh / Ingress
- Traefik – The Cloud Native Edge Router
- NGINX Ingress Controller – NGINX and NGINX Plus Ingress Controllers for Kubernetes
- Autopilot – The Service Mesh SDK
- linkerd-config – A Kubernetes controller that knows how to reconcile the Linkerd configuration
- Kong for Kubernetes – Use Kong for Kubernetes Ingress
- istio – At a high level, Istio helps reduce the complexity of these deployments, and eases the strain on your development teams. It is a completely open source service mesh that layers transparently onto existing distributed applications. It is also a platform, including APIs that let it integrate into any logging platform, or telemetry or policy system.
- envoy – Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy is an L7 proxy and communication bus designed for large modern service oriented architectures.
- linkerd – Linkerd is a transparent service mesh, designed to make modern applications safe and sane by transparently adding service discovery, load balancing, failure handling, instrumentation, and routing to all inter-service communication.
- consul – Consul is a service mesh solution providing a full featured control plane with service discovery, configuration, and segmentation functionality.
- Ambassador Edge Stack – The Ambassador Edge Stack gives platform engineers a comprehensive, self-service edge stack for managing the boundary between end-users and Kubernetes. Built on the Envoy Proxy and fully Kubernetes-native, the Ambassador Edge Stack is made to support multiple, independent teams that need to rapidly publish, monitor, and update services for end-users.
Kubespy – Tools for observing Kubernetes resources in real time
Popeye – A Kubernetes cluster resource sanitizer
Stern – Multi pod and container log tailing for Kubernetes
Cri-tools – CLI and validation tools for Kubelet Container Runtime Interface (CRI)
Kubebox – Terminal and Web console for Kubernetes
Kubewatch – Watch k8s events and trigger Handlers
kube-state-metrics – Add-on agent to generate and expose cluster-level metrics
Sloop – Kubernetes History Visualization
kubectl tree – Kubectl plugin to observe object hierarchies through ownerReferences
chaoskube – chaoskube periodically kills random pods in your Kubernetes cluster
BotKube – Helps you monitor your Kubernetes cluster(s), debug critical deployments and gives recommendations for standard practices
Kubestone – Kubestone is a benchmarking Operator that can evaluate the performance of Kubernetes installations
Chaos Mesh – A Chaos Engineering Platform for Kubernetes
Machine Learning/Deep Learning
Compute Edge Tools
Kubernetes Tools for Specific Cloud
Kubernetes on AWS (kube-aws) – A command-line tool to declaratively manage Kubernetes clusters on AWS
Draft: Streamlined Kubernetes Development – A tool for developers to create cloud-native applications on Kubernetes
helm-ssm – A low dependency tool for retrieving and injecting secrets from AWS SSM into Helm
Skupper – Multicloud communication for Kubernetes
Kubernetes Storage Providers
ChubaoFS – distributed file system and object storage
Longhorn – Cloud-Native distributed block storage built on and for Kubernetes
OpenEBS – Kubernetes native – hyperconverged block storage with multiple storage engines
Rook – Storage Orchestration for Kubernetes
TiKV – Distributed transactional key-value database
velero – Backup and migrate Kubernetes applications and their persistent volumes
Vitess – Vitess is a database clustering system for horizontal scaling of MySQL
Ubiquity – Ubiquity Storage Service for Container Ecosystems
kubectl-unbound-pvc – A kubectl plugin to see PVCs which are not in “Bound” state
Kubernetes Security tools
kube-hunter – Hunt for security weaknesses in Kubernetes clusters
kube-bench – Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Kube-Scan – kube-scan: Octarine k8s cluster risk assessment tool https://www.octarinesec.com/
Permission manager – Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW https://sighup.io/
Kubernetes Common Configuration Scoring System (KCCSS) – Kubernetes Common Configuration Scoring System https://www.octarinesec.com/
Sysdig Inspect – A powerful opensource interface for container troubleshooting and security investigation https://www.sysdig.org/
Kubernetes On Mobile
Cabin, the mobile app for Kubernetes – The Mobile Dashboard for Kubernetes
kubenav – kubenav is the navigator for your Kubernetes clusters right in your pocket. https://kubenav.io
- Rudr – A Kubernetes implementation of the Open Application Model specification
- Funktion – CLI tool for working with funktion
- Alterant – A simple Kubernetes configuration modifier
- BUCK – Brigade Universal Controller for Kubernetes
- Chaos Toolkit Kubernetes Support – Kubernetes driver extension of the Chaos Toolkit probes and actions API
- kube-fledged – A kubernetes add-on for creating and managing a cache of container images directly on the cluster worker nodes, so application pods start almost instantly
- CoreDNS – CoreDNS is a DNS server. It is written in Go.
- containerd – An industry-standard container runtime with an emphasis on simplicity, robustness, and portability.
- The Update Framework (TUF) – The Update Framework (TUF) helps developers maintain the security of software update systems, providing protection even against attackers
- Jaeger – Monitor and troubleshoot transactions in complex distributed systems.
- Fluentd – Fluentd is an open source data collector for unified logging layer. Fluentd allows you to unify data collection and consumption for a better use and understanding
- OpenTracing – Ideas about distributed tracing and monitoring across multiple systems have certainly generated quite a buzz.
- gRPC – gRPC is a modern open source high performance RPC framework that can run in any environment.
- CNI – CNI (Container Network Interface), a Cloud Native Computing Foundation project, consists of a specification and libraries for writing plugins to configure network
- Notary – Notary is a core piece of plumbing in Docker’s approach to the secure supply chain whereby security is seamlessly and uniformly embedded into a workflow from development all the way through to operations. Notary is an implementation of The Update Framework (TUF) written in Go.
- NATS – NATS was built to meet the distributed computing needs of today and tomorrow. NATS is simple and secure messaging made for developers and operators who want to spend more time developing modern applications and services than worrying about a distributed communication system.
- Helm – Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
- Harbor – Our mission is to be the trusted cloud native repository for Kubernetes.
- etcd – etcd is a distributed reliable key-value store for the most critical data of a distributed system, with a focus on being:
  - Simple: well-defined, user-facing API (gRPC)
  - Secure: automatic TLS with optional client cert authentication
  - Fast: benchmarked 10,000 writes/sec
  - Reliable: properly distributed using Raft

  etcd is written in Go and uses the Raft consensus algorithm to manage a highly-available replicated log.
- Open Policy Agent – The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack.
- CRI-O – CRI-O supports OCI container images and can pull from any container registry. It is a lightweight alternative to using Docker, Moby or rkt as the runtime
- CloudEvents – CloudEvents is a specification for describing event data in common formats to provide interoperability across services, platforms and systems.
- Falco – Falco, the open source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco detects unexpected application behavior and alerts on threats at runtime.