This list is being updated on regular basis
General info
UI / Desktop Clients
- K9s — terminal UI for navigating clusters, resources, events, logs, and metrics https://k9scli.io/
- Freelens — free and open-source IDE for Kubernetes (community fork of Lens, no account required) https://github.com/freelensapp/freelens
- Lens — full-featured Kubernetes desktop IDE with workload, metrics, and troubleshooting views https://k8slens.dev/
- Headlamp — web-based Kubernetes UI, good for remote admin https://headlamp.dev/
- Kubevious — maps cluster relationships and highlights configuration issues visually https://kubevious.io/
- Aptakube — modern desktop Kubernetes client, alternative to Lens https://aptakube.com/
- Radar — terminal-native Kubernetes explorer with deep navigation https://github.com/skyhook-io/radar
- K8studio — desktop IDE with log functionality and AI Copilot https://k8studio.io/
- Kubius — native macOS app for cluster management, pod rightsizing and cost optimization https://kubius.io/
Comparison
- API comparison https://kube-api.ninja/
- https://learnk8s.io/research
- https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238
Hosting
- kapsule https://www.scaleway.com/en/
- free https://cloud.okteto.com/
Secrets
- External secrets management integration with k8s https://github.com/godaddy/kubernetes-external-secrets
- Integrate Kubernetes with 1Password https://github.com/1Password/onepassword-operator
- Kubernetes mutating webhook for
secrets-initinjection https://github.com/doitintl/kube-secrets-init - AWS EKS Secrets store CSI driver https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/
RBAC
- RBAC practices and tooling https://rbac.dev/
- Visualize RBAC https://github.com/team-soteria/rback
- RBAC Manager is designed to simplify authorization in Kubernetes https://github.com/FairwindsOps/rbac-manager
- Access matrix https://github.com/corneliusweig/rakkess
Security
- Kubernetes vector attack https://github.com/cyberark/kubesploit
Production checklist
Deployment
Helm
Serverless
- Knative https://knative.dev/docs/eventing/sources/
- Kubeless https://kubeless.io/
- OpenFAAS https://github.com/openfaas/faas
Local
- Minikube https://minikube.sigs.k8s.io/
- https://docs.tilt.dev/
- k0s https://github.com/k0sproject/k0s
- Microk8s from Canonical https://microk8s.io/
- KIND https://kind.sigs.k8s.io/
- Telepresence https://www.telepresence.io/tutorials/kubernetes-rapid
- Exposes your local resources to kubernetes (like telepresence) https://github.com/omrikiei/ktunnel
- Skaffold https://skaffold.dev/
Capacity
- Overview of the resource requests, limits, and utilization in a Kubernetes https://github.com/robscott/kube-capacity
- Recommendations requests/limits https://github.com/robusta-dev/krr
- Goldilocks — uses VPA recommendations to identify oversized or undersized resource requests https://github.com/FairwindsOps/goldilocks
- Kubecost — Kubernetes cost visibility, allocation reporting, and optimization recommendations https://www.kubecost.com/
- Datafy — reclaim wasted EBS-backed PVC capacity and reduce storage costs https://datafy.cloud/
Backup
- Velero — backup, restore, and disaster recovery for Kubernetes workloads and persistent volumes https://velero.io/
K8s Plugins
- Plugin installer https://github.com/kubernetes-sigs/krew
- Plugins list https://krew.sigs.k8s.io/plugins
- Debug pods https://github.com/aylei/kubectl-debug
- Resources https://github.com/y0zg/kubectl-resources
- View webhook https://github.com/Trendyol/kubectl-view-webhook#kubectl-view-webhook
- access-matrix - show an access matrix for k8s server resources https://github.com/corneliusweig/rakkess
- rbac-lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://github.com/FairwindsOps/rbac-lookup
- rbac-view - Visualize Kubernetes RBAC rules https://github.com/jasonrichardsmith/rbac-view
- pv-df - Show disk usage (like unix df) for persistent volumes https://artifacthub.io/packages/krew/krew-index/df-pv
- resource-quotas
- sniff - tcpdump pods https://github.com/eldadru/ksniff
- view-secret - decode Kubernetes secrets https://github.com/elsesiy/kubectl-view-secret
- Exposes your local resources to kubernetes https://github.com/omrikiei/ktunnel
- kubectl git blame https://github.com/knight42/kubectl-blame
- kubectl-tree — visualize Kubernetes ownership chains, find controllers and parents https://github.com/ahmetb/kubectl-tree
- stern — tail logs from multiple pods and containers simultaneously with filtering https://github.com/stern/stern
- Popeye — scans live clusters for misconfigurations and best-practice violations https://github.com/derailed/popeye
- kubectx / kubens — instantly switch Kubernetes contexts and namespaces https://github.com/ahmetb/kubectx
- Kubie — context switching with isolated shell environments (alternative to kubectx) https://github.com/kubie-org/kubie
- Dive — analyze container images and identify wasted image layers https://github.com/wagoodman/dive
- diffyml — compare YAML files structurally https://github.com/szhekpisov/diffyml
- lfk — all-in-one kubectl helper https://github.com/janosmiko/lfk
Upgrade
- Detect deprecated resources https://github.com/FairwindsOps/pluto
- Fix helm chart after k8s upgrade
helm plugin install https://github.com/helm/helm-mapkubeapis
Baremetal
- Awesome baremetal https://github.com/alexellis/awesome-baremetal
- EKS Anywhere https://aws.amazon.com/eks/eks-anywhere/
- GKE Anthos https://cloud.google.com/anthos/clusters
- Popular stack options:
- Kubeadm+Flannel+Linstor+MetalLB
- kubeadm + terraform
- kubeadm CNI calico
- (MaaS) + Terraform + RKE
- RKE + terraform
- VIP for pods https://kube-vip.io/
- vmware+kismatic+ansible CNI calico
- vmware PKS
Security/Firewall
- Set up roles in IAM, map them to K8s groups, write RBAC bindings against those groups https://github.com/kubernetes-sigs/aws-iam-authenticator#full-configuration-format
- https://github.com/gravitational/wormhole
- Calico network policy
- strongswan vpn
- istio envoyfilters
- OPA
- Kyverno is a policy engine designed for Kubernetes. Based on the Open Policy Agent https://kyverno.io/
cases
- Sync secrets https://kyverno.io/policies/other/sync_secrets/?policytypes=Secret
- Disallow Secrets from Env
- Kyverno is a policy engine designed for Kubernetes. Based on the Open Policy Agent https://kyverno.io/
cases
- Vectors attack - https://github.com/cyberark/kubesploit
- Kubesploit https://github.com/cyberark/kubesploit/blob/assets/mitre_pic_full.png
- Intentionally vulnerable cluster environment to learn and practice Kubernetes security https://github.com/madhuakula/kubernetes-goat
- kubectl-dig - Deep Kubernetes visibility from the kubectl https://github.com/sysdiglabs/kubectl-dig
- Realoader configmaps and secrets https://github.com/stakater/Reloader
Registry
- Cache images between nodes https://github.com/XenitAB/spegel
- Container Registry and Image Management for Kubernetes Clusters https://github.com/ContainerSolutions/trow
- Sync registries https://github.com/plexsystems/sinker