This list is updated on a regular basis.
General info
Comparison
- API comparison https://kube-api.ninja/
- https://learnk8s.io/research
- https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238
Hosting
- kapsule https://www.scaleway.com/en/
- free https://cloud.okteto.com/
Secrets
- External secrets management integration with k8s https://github.com/godaddy/kubernetes-external-secrets
- Integrate Kubernetes with 1Password https://github.com/1Password/onepassword-operator
- Kubernetes mutating webhook for secrets-init injection https://github.com/doitintl/kube-secrets-init
- AWS EKS Secrets store CSI driver https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/
RBAC
- RBAC practices and tooling https://rbac.dev/
- Visualize RBAC https://github.com/team-soteria/rback
- RBAC Manager is designed to simplify authorization in Kubernetes https://github.com/FairwindsOps/rbac-manager
- Access matrix https://github.com/corneliusweig/rakkess
Security
- Kubernetes attack vectors https://github.com/cyberark/kubesploit
Production checklist
Deployment
Helm
Serverless
- Knative https://knative.dev/docs/eventing/sources/
- Kubeless https://kubeless.io/
- OpenFAAS https://github.com/openfaas/faas
Local
- Minikube https://minikube.sigs.k8s.io/
- https://docs.tilt.dev/
- k0s https://github.com/k0sproject/k0s
- Microk8s from Canonical https://microk8s.io/
- KIND https://kind.sigs.k8s.io/
- Telepresence https://www.telepresence.io/tutorials/kubernetes-rapid
- Exposes your local resources to kubernetes (like telepresence) https://github.com/omrikiei/ktunnel
- Skaffold https://skaffold.dev/
Capacity
- Overview of the resource requests, limits, and utilization in a Kubernetes cluster https://github.com/robscott/kube-capacity
- Recommendations for requests/limits https://github.com/robusta-dev/krr
K8s Plugins
- Plugin installer https://github.com/kubernetes-sigs/krew
- Plugins list https://krew.sigs.k8s.io/plugins
- Debug pods https://github.com/aylei/kubectl-debug
- Resources https://github.com/y0zg/kubectl-resources
- View webhook https://github.com/Trendyol/kubectl-view-webhook#kubectl-view-webhook
- access-matrix - show an access matrix for k8s server resources https://github.com/corneliusweig/rakkess
- rbac-lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://github.com/FairwindsOps/rbac-lookup
- rbac-view - Visualize Kubernetes RBAC rules https://github.com/jasonrichardsmith/rbac-view
- df-pv - Show disk usage (like unix df) for persistent volumes https://artifacthub.io/packages/krew/krew-index/df-pv
- resource-quotas
- sniff - tcpdump pods https://github.com/eldadru/ksniff
- view-secret - decode Kubernetes secrets https://github.com/elsesiy/kubectl-view-secret
- Exposes your local resources to kubernetes https://github.com/omrikiei/ktunnel
- kubectl git blame https://github.com/knight42/kubectl-blame
Upgrade
- Detect deprecated resources https://github.com/FairwindsOps/pluto
- Fix helm chart after k8s upgrade: helm plugin install https://github.com/helm/helm-mapkubeapis
Baremetal
- Awesome baremetal https://github.com/alexellis/awesome-baremetal
- EKS Anywhere https://aws.amazon.com/eks/eks-anywhere/
- GKE Anthos https://cloud.google.com/anthos/clusters
- Popular stack options:
- Kubeadm+Flannel+Linstor+MetalLB
- kubeadm + terraform
- kubeadm CNI calico
- (MaaS) + Terraform + RKE
- RKE + terraform
- VIP for pods https://kube-vip.io/
- vmware+kismatic+ansible CNI calico
- vmware PKS
Security/Firewall
- Set up roles in IAM, map them to K8s groups, write RBAC bindings against those groups https://github.com/kubernetes-sigs/aws-iam-authenticator#full-configuration-format
- https://github.com/gravitational/wormhole
- Calico network policy
- strongswan vpn
- istio envoyfilters
- OPA
- Kyverno is a policy engine designed for Kubernetes. Based on the Open Policy Agent https://kyverno.io/
Use cases:
- Sync secrets https://kyverno.io/policies/other/sync_secrets/?policytypes=Secret
- Disallow Secrets from Env
- Attack vectors - https://github.com/cyberark/kubesploit
- Kubesploit https://github.com/cyberark/kubesploit/blob/assets/mitre_pic_full.png
- Intentionally vulnerable cluster environment to learn and practice Kubernetes security https://github.com/madhuakula/kubernetes-goat
- kubectl-dig - Deep Kubernetes visibility from the kubectl https://github.com/sysdiglabs/kubectl-dig
- Reloader for configmaps and secrets https://github.com/stakater/Reloader
Registry
- Cache images between nodes https://github.com/XenitAB/spegel
- Container Registry and Image Management for Kubernetes Clusters https://github.com/ContainerSolutions/trow
- Sync registries https://github.com/plexsystems/sinker