Kubernetes tools

This list is being updated on regular basis

General info

• https://kubernetesreadme.com/

Comparison

• https://learnk8s.io/research
• https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238

Hosting

• kapsule https://www.scaleway.com/en/
• free https://cloud.okteto.com/

Secrets

• External secrets management integration with k8s https://github.com/godaddy/kubernetes-external-secrets
• Integrate Kubernetes with 1Password https://github.com/1Password/onepassword-operator
• Kubernetes mutating webhook for secrets-init injection https://github.com/doitintl/kube-secrets-init
• AWS EKS Secrets store CSI driver https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/

RBAC

• RBAC practices and tooling https://rbac.dev/
• Visualize RBAC https://github.com/team-soteria/rback
• RBAC Manager is designed to simplify authorization in Kubernetes https://github.com/FairwindsOps/rbac-manager
• Access matrix https://github.com/corneliusweig/rakkess

Security

• Kubernetes vector attack https://github.com/cyberark/kubesploit
  • https://github.com/cyberark/kubesploit/blob/assets/mitre_pic_full.png

Production checklist

• https://learnk8s.io/production-best-practices/

Deployment

Helm

• https://v3.helm.sh/docs/howto/charts_tips_and_tricks

Serverless

• Knative https://knative.dev/docs/eventing/sources/
• Kubeless https://kubeless.io/
• OpenFAAS https://github.com/openfaas/faas

Troubleshooting

• Debug your pod by a new container https://github.com/aylei/kubectl-debug
• TCPdump pod https://github.com/eldadru/ksniff
• View Validation Webhook config https://github.com/Trendyol/kubectl-view-webhook#kubectl-view-webhook

Stateful

• Check PVC capacity https://github.com/yashbhutwala/kubectl-df-pv

Local

• Minikube https://minikube.sigs.k8s.io/
• https://docs.tilt.dev/
• k0s https://github.com/k0sproject/k0s
• Microk8s from Canonical https://microk8s.io/
• KIND https://kind.sigs.k8s.io/
• Telepresence https://www.telepresence.io/tutorials/kubernetes-rapid
• Exposes your local resources to kubernetes (like telepresence) https://github.com/omrikiei/ktunnel
• Skaffold https://skaffold.dev/

K8s Plugins

• Plugin installer https://github.com/kubernetes-sigs/krew
  • Plugins list https://krew.sigs.k8s.io/plugins
• Debug pods https://github.com/aylei/kubectl-debug
• Resources https://github.com/y0zg/kubectl-resources
• View webhook https://github.com/Trendyol/kubectl-view-webhook#kubectl-view-webhook
• access-matrix - show an access matrix for k8s server resources https://github.com/corneliusweig/rakkess
• rbac-lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://github.com/FairwindsOps/rbac-lookup
• rbac-view - Visualize Kubernetes RBAC rules https://github.com/jasonrichardsmith/rbac-view
• pv-df - Show disk usage (like unix df) for persistent volumes https://artifacthub.io/packages/krew/krew-index/df-pv
• resource-quotas
• sniff - tcpdump pods https://github.com/eldadru/ksniff
• view-secret - decode Kubernetes secrets https://github.com/elsesiy/kubectl-view-secret
• Exposes your local resources to kubernetes https://github.com/omrikiei/ktunnel
• kubectl git blame https://github.com/knight42/kubectl-blame

K8s at home (KUbecon 2021)

• https://github.com/eddiezane/kubecon-eu-2021-automating-your-home-with-k3s-and-home-assistant-notes/blob/main/README.md
• https://github.com/k8s-at-home
• https://github.com/eddiezane/pikube
• https://github.com/k8s-at-home/template-cluster-k3s
• https://www.reddit.com/r/homelab/

Baremetal

• Awesome baremetal https://github.com/alexellis/awesome-baremetal
• EKS Anywhere https://aws.amazon.com/eks/eks-anywhere/
• GKE Anthos https://cloud.google.com/anthos/clusters
• Popular stack options:
  • Kubeadm+Flannel+Linstor+MetalLB
  • kubeadm + terraform
  • kubeadm CNI calico
  • (MaaS) + Terraform + RKE
  • RKE + terraform
  • VIP for pods https://kube-vip.io/
  • vmware+kismatic+ansible CNI calico
  • vmware PKS

Security/Firewall

• Set up roles in IAM, map them to K8s groups, write RBAC bindings against those groups https://github.com/kubernetes-sigs/aws-iam-authenticator#full-configuration-format
• https://github.com/gravitational/wormhole
• Calico network policy
• strongswan vpn
• istio envoyfilters
• OPA
  • Kyverno is a policy engine designed for Kubernetes. Based on the Open Policy Agent https://kyverno.io/ cases
    • Sync secrets https://kyverno.io/policies/other/sync_secrets/?policytypes=Secret
    • Disallow Secrets from Env
• Vectors attack - https://github.com/cyberark/kubesploit
• Kubesploit https://github.com/cyberark/kubesploit/blob/assets/mitre_pic_full.png
• Intentionally vulnerable cluster environment to learn and practice Kubernetes security https://github.com/madhuakula/kubernetes-goat
• kubectl-dig - Deep Kubernetes visibility from the kubectl https://github.com/sysdiglabs/kubectl-dig
• Realoader configmaps and secrets https://github.com/stakater/Reloader
  • https://dev.to/joshduffney/kubernetes-using-configmap-subpaths-to-mount-files-3a1i

Registry

• Container Registry and Image Management for Kubernetes Clusters https://github.com/ContainerSolutions/trow
• Sync registries https://github.com/plexsystems/sinker

Chaos testing

• https://chaos-mesh.org/
• https://github.com/berkay-dincer/kubethanos