abdennebi/cloud-native-tools

Kubernetes Tools

Developer Tools

  • crane: a tool for interacting with remote images and registries.
  • crossplane: Crossplane is a framework for building cloud native control planes without needing to write code. It has a highly extensible backend that enables you to build a control plane that can orchestrate applications and infrastructure no matter where they run, and a highly configurable frontend that puts you in control of the schema of the declarative API it offers.
  • Draft: Draft makes it easy to build applications that run on Kubernetes. Draft targets the "inner loop" of a developer's workflow: as they hack on code, but before code is committed to version control.
  • ko: ko is a simple, fast container image builder for Go applications
  • Kubectx: Fast way to switch between clusters and namespaces in kubectl
  • Kube-ps1: Kubernetes prompt info for bash and zsh
  • Skaffold: Easy and Repeatable Kubernetes Development
  • kube-shell: An integrated shell for working with Kubernetes
  • Copper: Copper is a configuration validator for Kubernetes
  • kubefwd: Bulk port forwarding Kubernetes services for local development.
  • kubernetes-deploy: A command-line tool that helps you ship changes to a Kubernetes namespace and understand the result
  • ORAS: Registries are evolving as generic artifact stores. To enable this goal, the ORAS project provides a way to push and pull OCI Artifacts to and from OCI Registries.

Containers

  • jib: Jib builds optimized Docker and OCI images for your Java applications without a Docker daemon - and without deep mastery of Docker best-practices. It is available as plugins for Maven and Gradle and as a Java library.
  • skopeo: Skopeo is a tool for manipulating, inspecting, signing, and transferring container images and image repositories on Linux systems, Windows and MacOS. Skopeo does not require running a container daemon.

Ops

  • Gravity: Gravity is an open source toolkit for creating "snapshots" of Kubernetes clusters and the applications running inside the clusters. The resulting snapshots are called application bundles.
  • Machine Controller Manager: Declarative way of managing machines for Kubernetes cluster

Visualization

  • Weave Scope: Monitoring, visualisation & management for Docker & Kubernetes
  • Kubebox: Terminal and Web console for Kubernetes

Package Manager

  • Helm: Helm is a tool that streamlines installing and managing Kubernetes applications. Think of it like apt/yum/homebrew for Kubernetes.

Ingress Controller

  • Contour: Contour is a Kubernetes ingress controller for Lyft's Envoy proxy.
  • Kubemci: kubemci is a tool to configure Kubernetes ingress to load balance traffic across multiple Kubernetes clusters.
  • Ambassador: Ambassador is a Kubernetes-native API gateway for microservices. Ambassador is deployed at the edge of your network, and routes incoming traffic to your internal services.

Monitoring & Observability

  • Hubble: Hubble is a fully distributed networking and security observability platform for cloud native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.
  • Kubewatch: Watch k8s events and trigger Handlers.
  • Kubeshark: Kubeshark, the API Traffic Viewer for kubernetes, provides deep visibility and monitoring of all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster. Think of a combination of Chrome Dev Tools, TCPDump and Wireshark, re-invented for Kubernetes.

Debugging

  • Telepresence: Local development against a remote Kubernetes
  • Stern: Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging.
  • Ksync: ksync speeds up developers who build applications for Kubernetes. It transparently updates containers running on the cluster from your local checkout.

Security

  • connaisseur: A Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster.
  • SecretScanner: Deepfence SecretScanner can find unprotected secrets in container images or file systems
  • grype: A vulnerability scanner for container images and filesystems. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
  • falco: Falco makes it easy to consume kernel events, and enrich those events with information from Kubernetes and the rest of the cloud native stack. Falco has a rich set of security rules specifically built for Kubernetes, Linux, and cloud-native. If a rule is violated in a system, Falco will send an alert notifying the user of the violation and its severity.
  • kubeclarity: KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security.
  • Kubesec.io
  • kubesec: Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)
  • Kube-hunter: Hunt for security weaknesses in Kubernetes clusters
  • Kube-bench: The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices
  • Cert-manager: Automatically provision and manage TLS certificates in Kubernetes
  • kubescape: Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.
  • syft: A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype.
  • trivy: Trivy is a comprehensive security scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
  • kubeaudit: kubeaudit is a tool to audit Kubernetes clusters for various different security concerns, such as: run as non-root, use a read-only root filesystem, drop scary capabilities, don't add new ones, don't run privileged and more!
  • Container Structure Tests: The Container Structure Tests provide a powerful framework to validate the structure of a container image. These tests can be used to check the output of commands in an image, as well as verify metadata and contents of the filesystem.
  • Tetragon: Cilium’s new Tetragon component enables powerful realtime, eBPF-based Security Observability and Runtime Enforcement.
  • ThreatMapper: Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. ThreatMapper uses a combination of agent-based inspection and agent-less monitoring to provide the widest possible coverage to detect threats.

Software Supply Chain Security

  • Chain-bench: Chain-bench is an open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
  • Kubeclarity: KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security.

Chaos Engineering

  • kube-monkey: An implementation of Netflix's Chaos Monkey for Kubernetes clusters

Distributions

  • Typhoon: Minimal and free Kubernetes distribution

Extensions

  • kubernetes-ldap: Lightweight Directory Access Protocol (LDAP) for Kubernetes

GKE

  • kubernetes-rbac-synchroniser: RBAC Synchroniser pulls a Google Group, extracts Google Group Member Emails and updates the Kubernetes RoleBinding in the given namespace.
