Kubernetes Plugins, Tools, Extensions and Projects

  1. Introduction
  2. K8s Tools
  3. Portainer
  4. kubecfg
  5. Curl
  6. kcp
  7. Clusternet
  8. Open Cluster Management
  9. Penetration Testing Tools
  10. Deckhouse Kubernetes Platform
  11. KubeIP (GKE)
  12. Porter
  13. Datree. Quality Checks for Kubernetes YAMLs
  14. Kaniko Build Images in Kubernetes without docker
  15. Shipwright Framework for Building Container Images on Kubernetes
  16. BuildKit CLI for kubectl
  17. Buildpacks vs Dockerfiles
  18. Kubevela
  19. Pixie. Instantly troubleshoot applications on Kubernetes
  20. Dekorate. Generate k8s manifests for java apps
  21. Kubesploit
  22. Kubeshop
  23. Monokle
  24. KubeLibrary
  25. kube-vip
  26. Kubermetrics
  27. Kustomizer
  28. MetalLB
  29. Kubermatic Kubernetes Platform
    1. Kubermatic Kubeone
  30. Usernetes
  32. Popeye
  33. kbrew
  34. KubExplorer
  35. Kubescape
  36. Kubectl Connections
  37. Benchmark Operator
  38. Source-To-Image (S2I)
  39. VMware Tanzu Octant
  40. Qovery Engine
  41. mck8s Container orchestrator for multi-cluster Kubernetes
  42. Shipwright framework
  43. Schiff (Deutsche Telekom)
  44. NetMaker
  45. AWS Karpenter kubernetes Autoscaler
  46. Kuby (easy deployments of Ruby Rails App)
  47. Direktiv
  48. Jabos
  49. Pleco
  50. Mesh-kridik
  51. kubewatch
  52. Botkube
  53. Robusta
  54. Soup GitOps Operator
  55. Epinio
  56. Testkube
  57. KuberLogic
  58. Kusk
  59. Azure AD Workload Identity
  60. Kubernate
  61. Tackle
  62. Azure Placement Policy Scheduler Plugins
  63. Azure AAD Pod Identity
  64. MicroShift
  65. kubefwd (Kube Forward)
  66. Kpng. Kubernetes Proxy NG
  67. Auto-portforward (apf)
  68. gardener/Terraformer
  69. Werf
  70. Starboard kubernetes-native security toolkit
  71. Netshoot
  72. The Hierarchical Namespace Controller (HNC)
  73. Kratix
  74. gRPC-Gateway
  75. KubeOrbit. Test your app on kubernetes
  76. Mizu API Traffic Viewer for Kubernetes
  77. vcluster
  78. Kateyes
  79. Keepass Secret
  80. Workflow Schedulers
    1. Komodor Workflows
  81. Azure Eraser
  82. Data Pipeline Workflow Schedulers
  83. ConfigMap Reloader
  84. Kluctl
  85. k2tf Kubernetes YAML to Terraform HCL converter
  86. Kubernetes Security Tools
  87. PureLB
  88. Murre
  89. k9s
  90. Pluto
  91. Konf Lightweight Kubeconfig Manager
  92. K8spacket
  93. Infrastructure as Code using Kubernetes. Config Connector
  94. Claudie Cloud-agnostic managed Kubernetes
  95. Observability Monitoring Tools
    1. Debugging and Troubleshooting Tools
  96. Security
  97. Develop microservices locally while being connected to your Kubernetes environment
  98. AI Tools
  99. Tweets
  100. Videos


K8s Tools

  • Download Kubernetes 🌟 An easier way to get the binaries you need
  • ramitsurana/awesome-kubernetes: Tools 🌟
  • VMware octant A web-based, highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
    • Visualize your Kubernetes workloads. Octant is an open source developer-centric web interface for Kubernetes that lets you inspect a Kubernetes cluster and its applications.
  • KSS - Kubernetes pod status on steroid
  • kubectl-tree kubectl plugin to browse Kubernetes object hierarchies as a tree
  • The Golden Kubernetes Tooling and Helpers list
  • kubech (kubectl change) Set kubectl contexts/namespaces per shell/terminal to manage multi Kubernetes cluster at the same time.
  • Kubecle is a web ui running locally that provides useful information about your kubernetes clusters. It is an alternative to Kubernetes Dashboard. Because it runs locally, you can access any kubernetes clusters you have access to
  • Permission Manager 🌟 is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW. Permission Manager is an application that enables a super-easy and user-friendly RBAC management for Kubernetes. With Permission Manager, you can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files via a nice & easy web UI.
  • Kubernetes client tools overview
  • kubectx + kubens: Power tools for kubectl 🌟🌟 Faster way to switch between clusters and namespaces in kubectl
  • go-kubectx 5x-10x faster alternative to kubectx. Uses client-go.
  • kubevious: application centric Kubernetes UI 🌟 is open-source software that provides a usable and highly graphical interface for Kubernetes. Kubevious renders all configurations relevant to the application in one place.
  • Guard is a Kubernetes Webhook Authentication server. Using guard, you can log into your Kubernetes cluster using various auth providers. Guard also configures groups of authenticated user appropriately.
  • arkade by example - Kubernetes apps, the easy way 🌟
  • Kubei is a flexible Kubernetes runtime scanner, scanning images of worker and Kubernetes nodes providing accurate vulnerabilities assessment.
  • Tubectl: a kubectl alternative which adds a bit of magic to your everyday kubectl routines by reducing the complexity of working with contexts, namespaces and intelligent matching resources.
  • Kpt: Packaging up your Kubernetes configuration with git and YAML since 2014 (Google)
  • kubernetes-common-services These services help make it easier to manage your applications environment in Kubernetes
  • k8s-job-notify Kubernetes Job/CronJob Notifier. This tool sends an alert to slack whenever there is a Kubernetes cronJob/Job failure/success.
  • kube-opex-analytics ๐ŸŒŸ Kubernetes Cost Allocation and Capacity Planning Analytics Tool. Built-in hourly, daily, monthly reports - Prometheus exporter - Grafana dashboard.
  • kubeletctl is a command line tool that implements kubelet’s API. Part of kubelet’s API is documented but most of it is not. This tool covers all the documented and undocumented APIs. The full list of kubelet’s API calls can be viewed through the tool or this API table. What can it do?
    • Run any kubelet API call
    • Scan for nodes with opened kubelet API
    • Scan for containers with RCE
    • Run a command on all the available containers by kubelet at the same time
    • Get service account tokens from all available containers by kubelet
    • Nice printing :)
  • K8bit - the tiny Kubernetes dashboard 🌟 K8bit is a tiny dashboard that is meant to demonstrate how to use the Kubernetes API to watch for changes.
  • KUbernetes Test TooL (kuttl) 🌟
  • Portfall: A desktop k8s port-forwarding portal for easy access to all your cluster UIs 🌟
  • k8s-dt-node-labeller is a Kubernetes controller for labelling a node with devicetree properties (devicetree is a data structure for describing hardware).
  • kubedev 🌟 is a Kubernetes Dashboard that helps developers in their everyday usage
  • Kubectl SSH Proxy 🌟 Kubectl plugin to launch an SSH SOCKS proxy and use it. This plugin aims to make your life easier when using kubectl on a cluster that’s behind an SSH bastion.
  • kubectl-images Show container images used in the cluster. Kubectl-images is a kubectl plugin that shows the container images used in the cluster. It first calls kubectl get pods to retrieve pods details and filters out the container image information of each pod then prints out the final result in a table view.
  • Access Pod Online using Podtnl A powerful CLI that makes your pod available online without exposing a k8s service.
  • kiosk: Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning 🌟 Kubernetes is designed as a single-tenant platform, which makes it hard for cluster admins to host multiple tenants in a single cluster. Kiosk extends Kubernetes for multi-tenancy. The core idea is to use Kubernetes namespaces as isolated workspaces.
  • asdf-kubectl kubectl plugin for asdf version manager. asdf-vm is a CLI tool that can manage multiple language runtime versions on a per-project basis. It is like gvm, nvm, rbenv & pyenv (and more) all in one! Simply install your language’s plugin!
  • k8s Spot Rescheduler is a tool that tries to reduce load on a set of Kubernetes nodes. It was designed with the purpose of moving Pods scheduled on AWS on-demand instances to AWS spot instances to allow the on-demand instances to be safely scaled down (By the Cluster Autoscaler).
  • kube-spot-termination-notice-handler is a Kubernetes DaemonSet designed to gracefully delete pods 2 minutes before an EC2 Spot Instance is terminated.
  • Polaris 🌟 helps Kubernetes users avoid common mistakes when configuring their workloads. It runs a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices, helping you avoid problems in the future.
  • kmoncon Monitoring connectivity between your kubernetes nodes.
  • Tesoro Kapitan Secrets Controller for Kubernetes. Tesoro is the Kapitan Admission Controller Webhook. Tesoro allows you to seamlessly apply Kapitan secret refs in compiled Kubernetes manifests. As it runs in the cluster, it will be able to reveal embedded kapitan secret refs in manifests when applied.
  • DAST operator Dynamic application security testing (DAST) is a Kubernetes operator that leverages OWASP ZAP to make automated basic web service security testing.
  • Teleskope is a Kubernetes dashboard designed to give your devs and product managers an inside view of the cluster.
  • Introducing cdk8s+: Intent-driven APIs for Kubernetes objects Everyone hates yaml. Take that 75 lines of yaml and turn it into 45 lines of testable javascript with cdk8s+
  • KuUI (Kubernetes UI) is a simple UI that can be used to manage the configmaps/secrets of your Kubernetes cluster.
  • Deprek8ion is a set of rego policies to monitor Kubernetes APIs deprecations. It is designed to work with conftest.
  • Beetle Kubernetes multi-cluster deployment automation service.
  • vault-controller A K8s controller to manage Hashicorp Vault configuration using CRDs.
  • k8s-crash-informer is a Kubernetes controller that informs a Mattermost or Slack channel if an annotated deployment goes into crash loop.
  • Azure Arc enabled Kubernetes allows you to connect and manage external Kubernetes clusters in Azure
  • Kip, the Kubernetes Cloud Instance Provider Kip is a Virtual Kubelet provider that allows a Kubernetes cluster to transparently launch pods onto their own cloud instances. The kip pod is run on a cluster and will create a virtual Kubernetes node in the cluster.
  • Kubeletctl is a command line tool that implements kubelet’s API 🌟
  • k8s-node-label-monitor: Kubernetes Node Label Monitor provides a custom Kubernetes controller for monitoring and notifying changes in the label states of Kubernetes nodes (labels added, deleted, or updated), and can be run either node-local or cluster-wide
  • medium: How to Validate Your Kubernetes Cluster With Sonobuoy 🌟 Run comprehensive conformance testing for your Kubernetes cluster
  • k42s is a full multinode Kubernetes Vagrant cluster with a real load balancer
  • Pluto is a cli tool to help discover deprecated apiVersions in Kubernetes 🌟 Find Kubernetes resources that have been deprecated
  • Switchboard is a tool that manages DNS zones and their A/CNAME records for arbitrary backends. It runs as Kubernetes controller and watches for custom resources DNSZone and DNSRecord.
  • Kubernetes Deployment Builder 🌟🌟
  • ktx 🌟 Managing kubeconfig files can become tedious when you have multiple clusters and contexts to switch between. ktx aims to reduce friction caused by switching between various configurations.
  • k8s-alert is a simple and lightweight alerting tool for Kubernetes.
  • Arktos is an open source cluster management system designed for large scale clouds. It is evolved from the open source Kubernetes v1.15 codebase with some fundamental improvements.
  • kube-exec 🌟 is a library similar to os/exec that allows you to run commands in a Kubernetes pod, as if that command was executed locally. It is inspired by go-dexec, which does the same thing, but for a Docker engine.
  • identity-server Identity Server implements a Kubernetes “whoami” service.
  • Kubermatic Kubernetes Platform 🌟 is an open source project to centrally manage the global automation of Kubernetes clusters across multicloud, on-prem and edge with unparalleled density and resilience.
  • The Kubernetes Goat is a project designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
  • kubefs lets you mount kubernetes’s metadata object store as a file system
  • DAST Operator (Dynamic application security testing) is a Kubernetes operator that leverages OWASP ZAP to make automated basic web service security testing
  • pangolin 🌟 is an enhanced Horizontal Pod Autoscaler for Kubernetes.
  • kubectl-isolate is a kubectl plugin to isolate a Pod from the Kubernetes Service
  • k8s-diagrams 🌟 is a collection of diagrams explaining kubernetes, extracted from our trainings, articles and talks (k8s sec, k8s intro).
  • kconmon is a Kubernetes node connectivity monitoring tool
  • helm-docs is a tool for automatically generating markdown documentation for helm charts.
  • Kubernetes Active Passive Applications is an ingenious script that combines StatefulSets and readiness probes to achieve an active-passive configuration for your Pods/apps.
  • Agorakube is a Certified Kubernetes Distribution that provides an enterprise grade solution following best practices to manage a conformant Kubernetes cluster for on-premise and public cloud providers.
  • dynamic-pv-scaler is a golang based Kubernetes application which has been created to overcome the scaling issue of Persistent Volume in Kubernetes. This can scale the Persistent Volume on the basis of threshold which you have set.
  • Sinker Imagesync enables the syncing of container images from one container registry to another. This is useful in cases where you need to mirror images that exist in a public container registry, to a private one.
  • Cluster Turndown is an automated scaledown and scaleup of a Kubernetes cluster’s backing nodes based on a custom schedule and turndown criteria.
  • Kubernetes Node Label Monitor is a Kubernetes controller for monitoring and notifying about changes to Node label states
  • kubeinit 🌟 KubeInit provides Ansible playbooks and roles for the deployment and configuration of multiple Kubernetes distributions.
  • kubergui: Kubernetes Deployment Builder 🌟 quickly builds out a basic Kubernetes Deployment and Kubernetes Service YAML. Kubernetes GUI YAML generators for simple but typo-prone tasks.
  • fubectl is a tool that reduces repetitive interactions with kubectl
  • Authelia 🌟 is a Single Sign-On and Multi-Factor portal for web apps that can be installed in Kubernetes and can integrate with your ingress controller
  • k8sdeploy is a go based tool, written with the goal of creating a cli that utilizes helm and kubernetes client libraries to deploy to multiple namespaces at once.
  • kubewatch 🌟🌟
  • node-policy-webhook is a Kubernetes webhook designed to help you handle tolerations, nodeSelector and nodeAffinity.
  • kubeonoff is a simple web UI for managing Kubernetes deployments.
  • ipvs-node-controller is the kubernetes controller that solves External-IP (Load Balancer IP) issue with IPVS proxy mode.
  • kubeonoff A simple web UI for managing Kubernetes deployments. Kubeonoff is a small web UI that lets you quickly stop/start/restart pods. Basically it’s for non-developers to manage k8s objects per namespace.
  • Maistra 🌟 is an opinionated distribution of Istio designed to work with Openshift. It combines Kiali, Jaeger, and Prometheus into a platform managed according to the OperatorHub lifecycle.
  • custom-pod-autoscaler A Custom Pod Autoscaler is a Kubernetes autoscaler that is customised and user created. The Custom Pod Autoscaler framework allows easier and faster development of Kubernetes autoscalers.
  • Kubevol 🌟 allows you to audit all your Kubernetes pods for an attached volume or see all the volumes attached to each pod by a specific type (eg: ConfigMap, Secret).
  • kubectl-fuzzy 🌟 uses fzf(1)-like fuzzy-finder to do partial or fuzzy search of Kubernetes resources. Instead of specifying full resource names to kubectl commands, you can choose them from an interactive list that you can filter by typing a few characters.
  • Setec 🌟 Setec (pronounced see-tek) is a utility tool that encrypts and decrypts secrets that are managed by Bitnami’s Sealed Secrets.
  • Kompose (Kubernetes + Compose) 🌟 kompose is a tool to help users who are familiar with docker-compose move to Kubernetes. kompose takes a Docker Compose file and translates it into Kubernetes resources. kompose is a convenience tool to go from local Docker development to managing your application with Kubernetes. Transformation of the Docker Compose format to Kubernetes resources manifest may not be exact, but it helps tremendously when first deploying an application on Kubernetes.
  • 🌟 Easily deploy and manage applications on Kubernetes. Get what you want out of Kubernetes without having to write and maintain a ton of custom tooling. Deploy apps, handle requests, and hook up CI/CD, all through an intuitive web interface.
  • Kev Develop Kubernetes apps iteratively with Docker-Compose. Kev helps developers port and iterate Docker Compose apps onto Kubernetes. It understands the Docker Compose application topology and prepares it for deployment in (multiple) target environments, with minimal user input. We leverage the Docker Compose specification and allow for target-specific configurations to be applied to each component of the application stack, simply.
  • Synator Kubernetes Secret and ConfigMap synchronizer 🌟 Synator synchronizes your Secrets and ConfigMaps with your desired namespaces
  • kubes 🌟 is a Kubernetes Deployment Tool. It builds the docker image, creates the Kubernetes YAML, and runs kubectl apply.
  • Kubernetes DaemonSet that enables a direct shell on each Node using SSH to localhost Learn how you can use a DaemonSet to expose an SSH shell on each node of your cluster (even if you don’t have SSH installed). I run several K8S clusters on EKS and by default do not set up inbound SSH to the nodes. Sometimes I need to get into each node to check things or run a one-off tool. Rather than update my terraform, rebuild the launch templates and redeploy brand new nodes, I decided to use kubernetes to access each node directly.
  • NS Killer A Kubernetes project to kill all namespaces living over X time. Quite useful when development environments are auto-generated on the fly and you want to give them a lifecycle out-of-the-box from Kubernetes or even Helm. You might find it useful if you auto-generate development environments on the fly and want to remove old ones on a schedule.
  • kubeswitch: Kubernetes Version Switcher 🌟 Easily switch kubectl binary versions.
  • Kubeswitch (for operators) 🌟 The kubectx for operators. kubeswitch (lazy: switch) takes Kubeconfig context switching to the next level, catering to operators of large scale Kubernetes installations. Designed as a drop-in replacement for kubectx.
  • kubectl build (formerly known as kubectl-kaniko) Kubectl build mimics the kaniko executor, but performs building on your Kubernetes cluster side. This allows you to simply build your local dockerfiles remotely without leaving your cozy environment.
  • Kubei 🌟 is a vulnerabilities scanning tool that allows users to get an accurate and immediate risk assessment of their kubernetes clusters. Kubei scans all images used in a Kubernetes cluster including images of application pods and system pods
  • Shell-operator is a tool for running event-driven scripts in a Kubernetes cluster. Shell-operator provides an integration layer between Kubernetes cluster events and shell scripts.
  • sinker is a tool to sync images from one container registry to another. This is useful in cases when you rely on images that exist in a public container registry, but need to pull from a private registry.
  • ecrcp aims to mimic cp command in Linux systems as closely as possible in its implementation. Consider ecrcp to be the cp equivalent to copy container images from docker hub to ECR.
  • Checkov 🌟 is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Cloudformation, Kubernetes, Serverless or ARM Templates and detects security and compliance misconfigurations.
  • Cluster Cloner 🌟 Reads the Kubernetes clusters in one location (optionally filtering by labels) and clones them into another (or just outputs JSON as a dry run), to/from AWS, GCP, and Azure.
  • kubectl-eksporter 🌟 A simple Ruby script that exports k8s resources and removes a pre-defined set of fields for later import.
  • kubectl-neat 🌟 Remove clutter from Kubernetes manifests to make them more readable.
  • medium: 4 Simple Kubernetes Terminal Customizations to Boost Your Productivity
  • Move2Kube 🌟 Move2Kube is a command-line tool that accelerates the process of re-platforming to Kubernetes/Openshift. It does so by analysing the environment and source artifacts, and asking guidance from the user when required. This tool can help users migrate from Cloud Foundry and Docker Swarm to Kubernetes.
  • skopeo 🌟 Use skopeo to copy images between registries
  • junit5-kubernetes aims at using a kubernetes pod directly from your junit5 test classes.
  • Replacing ngrok with ktunnel
  • seaworthy: A CLI to verify #Kubernetes resource health !! 🌟 Post-apply check to verify your K8s resources are Seaworthy
  • kVDI A Kubernetes-native Virtual Desktop Infrastructure.
  • kcg 🌟 is a command line tool that lets you create kubeconfig files. The user can interactively choose a namespace and service account and generate a config file with token authentication that has the same RBAC permissions assigned to the chosen service account.
  • Compass 🌟 Quickly Pinpoint Errors in your Kubernetes Deployment.
  • kubernetes-dashboard-iam-proxy An in-browser version of aws eks get-token to enable cluster authentication using IAM for the Kubernetes dashboard.
  • Gitkube 🌟 is a tool for building and deploying Docker images on Kubernetes using git push. After a simple initial setup, users can simply keep git push-ing their repos to build and deploy to Kubernetes automatically.
  • version-checker is a Kubernetes utility for observing the current versions of images running in the cluster, as well as the latest available upstream. These checks get exposed as Prometheus metrics to be viewed on a dashboard, or soft alert cluster operators.
  • Descheduler for Kubernetes 🌟 -> Balance your Kubernetes cluster
  • kubediff 🌟 is a tool for Kubernetes to show you the differences between your running configuration and your version controlled configuration.
  • awslabs/karpenter Karpenter is a metrics-driven autoscaler built for Kubernetes and can run in any Kubernetes cluster anywhere. It’s performant, extensible, and can autoscale anything that implements the Kubernetes scale subresource.
  • ekglue - Envoy/Kubernetes glue ekglue is a project that facilitates connecting Kubernetes and Envoy, allowing Envoy to read Kubernetes services and endpoints as clusters (via CDS) and endpoints (via EDS).
  • salesforce/Craft CRAFT helps you to create Kubernetes Operators in a robust and generic way for any resource, letting developers focus on CRUD operations of resource management in a Dockerfile.
  • hyscale 🌟 HyScale takes a declarative definition of your service config and it generates Dockerfile, Container Image, Kubernetes Manifests (YAMLs) and deploys to any Kubernetes Cluster.
  • kubectl-reap is a kubectl plugin that deletes unused Kubernetes resources 🌟
  • KubeLinter 🌟 is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
  • KRD: Kubernetes Reference Deployment krd offers a reference for deploying a Kubernetes cluster. Its ansible playbooks allow provisioning a deployment on Bare-metal or Virtual Machines
  • kubeshell is a command line tool to interactively shell in to (and out of) kubernetes pods.
  • k8s-harness 🌟 lets you create a disposable Kubernetes cluster with vagrant and Ansible to test your app in a prod-like environment.
  • Secret backup operator is an operator designed to backup secrets on a Kubernetes cluster. Backup happens when secrets are modified.
  • DevNation: 10 awesome kubernetes tools every user should know
  • HyScale 🌟 takes a declarative definition of your service config and it generates Dockerfile, Container Image, Kubernetes Manifests (YAMLs) and deploys to any Kubernetes Cluster
  • kube-fledged is a kubernetes add-on for creating and managing a cache of container images directly on the worker nodes of a kubernetes cluster. It allows a user to define a list of images and onto which worker nodes those images should be cached (i.e. pre-pulled). As a result, application pods start almost instantly, since the images need not be pulled from the registry.
  • Tagger keeps references to externally hosted Docker images internally in a Kubernetes cluster by mapping their tags (such as latest) into their references by hash
  • helm-ecr 🌟 is a Helm plugin that supports installing Charts from AWS ECR.
  • PipeCD is a continuous delivery system for declarative Kubernetes, Serverless, and Infrastructure applications.
  • kubecolor 🌟 colorises your kubectl output
  • kubectl-sudo This plugin allows users to run kubernetes commands with the security privileges of another user.
  • kfilt is a tool that lets you filter specific resources from a stream of Kubernetes YAML manifests. It can read manifests from a file, URL, or from stdin.
  • k8s-mirror: Creates a local mirror of a kubernetes cluster in a docker container to support offline reviewing 🌟
  • kube-secret-syncer 🌟 is a Kubernetes operator developed using the Kubebuilder framework that keeps the values of Kubernetes Secrets synchronised to secrets in AWS Secrets Manager.
  • kapp 🌟 is a CLI that calculates changes between your configuration and live cluster state and applies changes you approve.
  • Break down the barriers between development, testing, and CI. Use the same workflows and production-like Kubernetes environments at every step of the process
  • pvc-autoresizer resizes PersistentVolumeClaims (PVCs) when the free amount of storage is below the threshold. It queries the volume usage metrics from Prometheus that collects metrics from kubelet.
  • sKan is a tailor made Kubernetes configuration files and resources scanner that enables developers and devops team members to check whether their work is compliant with security & ops best practices
  • Kubernetes Node Auto Labeller
  • Kube_query Use kubectl but on all of the available k8s clusters available in the kubeconfig file. Currently will query only AWS EKS clusters.
  • kubernetes-event-exporter 🌟 This tool allows exporting the often missed Kubernetes events to various outputs so that they can be used for observability or alerting purposes. You won’t believe what you are missing.
  • Kubeconform 🌟 is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration using the schemas from kubernetes-json-schema. Similar to Kubeval, but with the following improvements:
    • High performance
    • Remote or local schemas locations
    • Up-to-date schemas for all recent versions of Kubernetes
  • Kubernetes Janitor cleans up (deletes) Kubernetes resources on a configured TTL (time to live) or a configured expiry date (absolute timestamp).
  • kube-batch is a batch scheduler for Kubernetes, providing mechanisms for applications which would like to run batch jobs leveraging Kubernetes. A batch scheduler of kubernetes for high performance workload, e.g. AI/ML, BigData, HPC
  • slipway: A Kubernetes controller to automate gitops provisioning
  • dnsconfig-injector - Mutating Admission Webhook for dnsconfig pod injection
  • kubectl-view-webhook 🌟 Visualize your webhook configurations in Kubernetes.
  • ContainerSSH: Launch containers on demand 🌟🌟 ContainerSSH launches a new container for each SSH connection in Kubernetes, Podman or Docker. The user is transparently dropped in the container and the container is removed when the user disconnects. Authentication and container configuration are dynamic using webhooks, no system users required.
  • Kubei – Kubernetes Runtime Vulnerabilities Scanner 🌟
  • Lockbox: Offline encryption of Kubernetes Secrets Lockbox is a secure way to store Kubernetes Secrets offline. Secrets are asymmetrically encrypted, and can only be decrypted by the Lockbox Kubernetes controller. A companion CLI tool, locket, makes encrypting secrets a one-step process.
  • openshift: Introducing kube-burner, A tool to Burn Down Kubernetes and OpenShift 🌟 Kube-burner is a tool designed to stress different OpenShift components basically by coordinating the creation and deletion of k8s resources. Along this blog series we’ll talk about how to use it in OpenShift 4.
  • kube-ebpf-exporter 🌟 Prometheus exporter for custom eBPF metrics.
  • qontract qontract (Queryable cONTRACT) is a collection of tools used by SREs to expose available managed services to application developer teams.
  • sheaf Manages bundles of Kubernetes components. sheaf is a tool that can create a bundle of Kubernetes components. It can generate an archive from the bundle that can be distributed for use in Kubernetes clusters. The initial idea was inspired by CNAB. It answers the question: how can I distribute Kubernetes manifests with their associated images?
  • CNABs facilitate the bundling, installing and managing of container-native apps and their coupled services
  • Secure Access to Kubernetes From Your Pipeline
  • openpitrix 🌟 Application Management Platform on Multi-Cloud Environment. OpenPitrix is a web-based open-source system to package, deploy and manage different types of applications including Kubernetes application, microservice application and serverless applications into multiple cloud environment such as AWS, Azure, Kubernetes, QingCloud, OpenStack, VMWare etc.
  • kube-burner 🌟 Kube-burner is a tool aimed at stressing kubernetes clusters.
  • gimletd - the GitOps release manager GimletD acts as a release manager and detaches the release workflow from CI. By doing so, it unlocks the possibility of advanced release logics and flexibility to refactor workflows.
  • kubectl skew 🌟 A simple kubectl plugin to show if your kubernetes/kubectl version is “skewed”. In kubernetes, version skew policy is a bit confusing, especially for beginners. However, it is important to make sure you are always following the policy because using unsupported cluster/kubectl is problematic and even dangerous.
  • Offline encryption of Kubernetes Secrets. Lockbox is a secure way to store Kubernetes Secrets offline. Secrets are asymmetrically encrypted, and can only be decrypted by the Lockbox Kubernetes controller. A companion CLI tool, locket, makes encrypting secrets a one-step process.
  • Suspicious pods 🌟 Prints a list of k8s pods that might not be working correctly
  • Armada A multi-cluster batch queuing system for high-throughput workloads on Kubernetes. Armada is an application to achieve high throughput of run-to-completion jobs on multiple Kubernetes clusters. It stores queues for users/projects with pod specifications and creates these pods once there is available resource in one of the connected Kubernetes clusters.
  • Ko: Easy Go Containers 🌟 Build and deploy Go applications on Kubernetes
  • Kubetail 🌟 Bash script to tail Kubernetes logs from multiple pods at the same time
    • Stern 🌟 Multi pod and container log tailing for Kubernetes. Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging – Friendly fork of
  • kubestr 🌟 Explore your Kubernetes storage options. Kubestr is a collection of tools to discover, validate and evaluate your kubernetes storage options.
  • KubeEye: An Automatic Diagnostic Tool that Provides a Holistic View of Your Kubernetes Cluster 🌟
  • k8gb 🌟 A cloud native Kubernetes Global Balancer
  • k8s-image-swapper 🌟 Mirror images into your own registry and swap image references automatically.
  • RBACSync 🌟 Automatically sync groups into Kubernetes RBAC. RBACSync provides a Kubernetes controller to synchronize RoleBindings and ClusterRoleBindings, used in Kubernetes RBAC, from group membership sources using consolidated configuration objects.
  • Saffire a controller to override image sources in the event that an image cannot be pulled. The intent of saffire is to provide operators with a method of automatically switching image repositories when imagePullErrors occur.
  • Cluster API Provider for Managed Bare Metal Hardware This repository contains a Machine actuator implementation for the Kubernetes Cluster API for managing bare metal hardware - Bare metal host provisioning for kubernetes
  • Kubernetes: 6 open source tools to put your cluster to the test The Kubernetes ecosystem includes an ever-growing number of tools and services you can plug in: Let's look at six useful tools for putting your Kubernetes cluster and applications to the test.
  • kubectl-node-restart 🌟 Krew plugin to restart Kubernetes Nodes sequentially and gracefully
  • k8s-platform-lcm: Kubernetes platform lifecycle management 🌟 A faster and easier way to manage the lifecycle of applications and tools, running and living around your Kubernetes platform. Kubernetes platform lifecycle management helps you keep track of all your software and tools that are used or running in and around your Kubernetes platform.
  • Nebula A scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world.
  • kube-bench Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • kube-bench-exporter Helps you to export your kube-bench reports to multiple targets like Amazon S3 buckets with ease.
  • Karmada Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds, with no changes to your applications. By speaking Kubernetes-native APIs and providing advanced scheduling capabilities, Karmada enables truly open, multi-cloud Kubernetes.
  • kube-secrets-init Kubernetes mutating webhook for secrets-init injection
  • liqo: Enable dynamic and seamless Kubernetes multi-cluster topologies Building your endless Kubernetes ocean. Enable dynamic and seamless Kubernetes multi-cluster topologies. Liqo is a platform to enable dynamic and decentralized resource sharing across Kubernetes clusters, either on-prem or managed. Liqo allows to run pods on a remote cluster seamlessly and without any modification of Kubernetes and the applications. With Liqo it is possible to extend the control plane of a Kubernetes cluster across the cluster’s boundaries, making multi-cluster native and transparent: collapse an entire remote cluster to a virtual local node, by allowing workloads offloading and resource management compliant with the standard Kubernetes approach.
  • redhat-certification: chart-verifier: Rules based tool to certify Helm charts 🌟
  • helm-changelog: Create changelogs for Helm Charts, based on git history
  • 🌟🌟 Ingress Builder allows users to select any annotation from the list of available controllers, to add to the ingress manifest.
  • Jetstack Secure Agent 🌟🌟 Automatically perform Kubernetes cluster configuration checks using Open Policy Agent (OPA)
  • Replicated Troubleshoot 🌟 Troubleshoot is a framework for collecting, redacting, and analyzing highly customizable diagnostic information about a Kubernetes cluster.
  • 🌟 A kubectl plugin to show out-of-date images running in a cluster.
  • kubestriker 🌟 A Blazing fast Security Auditing tool for Kubernetes. Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation.
  • KubeEye 🌟 KubeEye aims to find various problems on Kubernetes, such as application misconfiguration, unhealthy cluster components and node problems.
  • Analyze Kubernetes Audit logs using Falco 🌟 Detect intrusions that happened in your Kubernetes cluster through audit logs using Falco
  • KubeHelper KubeHelper - simplifies many daily Kubernetes cluster tasks through a web interface. Search, analysis, run commands, cron jobs, reports, filters, git synchronization and many more.
  • kubewebhook Go framework to create Kubernetes mutating and validating webhooks
  • kaDalu A lightweight Persistent storage solution for Kubernetes / OpenShift using GlusterFS in background. Kadalu is a project which started as an idea to make glusterfs’s deployment and management simpler in kubernetes
  • 🌟 A tool that accelerates the process of re-hosting / re-platforming virtual machines to Kubernetes and KubeVirt. It does so by mapping resources (network and storage), creating equivalent resources in the target, and converting disk images.
    • Migrate virtual machines to Kubernetes with this new tool - forklift 🌟 Transition your virtualized workloads to Kubernetes with Forklift.
    • konveyor 🌟 is an open source project that helps transition existing workloads (development, test, and production) to Kubernetes. Its tools include Crane, to move containers from one Kubernetes platform to another; Move2Kube, to bring workloads from Cloud Foundry to Kubernetes; and Tackle, to analyze Java applications to modernize them by making them more standard and portable for the runtimes available in containerized platforms like Kubernetes.
  • go-containerregistry 🌟 Go library and CLIs for working with container registries
  • kubebox Terminal and Web console for Kubernetes
  • skooner - Kubernetes Dashboard Simple Kubernetes realtime dashboard and management
  • Polaris: Best Practices for Kubernetes Workload Configuration 🌟 Validation of best practices in your Kubernetes clusters - What is Fairwinds' Polaris? Kubernetes Open Source Configuration Validation
  • Krane 🌟 is a Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition.
  • KTail: Kubernetes log viewer 🌟 KTail allows you to tail multiple pods in one view. It automatically detects updates and attaches to new pods. Configurable highlighters show how often regular expressions matched and let you quickly navigate in the results.
  • Manifesto 🌟 allows you to create an application structure to facilitate easy deployment to kubernetes. Jsonnet is used to create the underlying application structure, manifesto manipulates this structure to produce manifests.
  • SigNoz: Open source Application Performance Monitoring (APM) & Observability tool 🌟 SigNoz helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc.
  • port-map-operator LoadBalancer Service type implementation for home clusters via Port Control Protocol.
  • Raspbernetes - Kubernetes Cluster: k8s-gitops Kubernetes cluster managed by GitOps - Git as a single source of truth, automated pipelines, declarative everything, next-generation DevOps. This repo is a declarative implementation of a Kubernetes cluster. It’s using the GitOps Toolkit known as Fluxv2. The goal is to demonstrate how to implement enterprise-grade security, observability, and overall cluster config management using GitOps in a Kubernetes cluster.
  • Kpexec kpexec is a kubernetes cli that runs commands in a container with high privileges.
  • OpenShiftKubeAudit An auditing program to detect incompatibilities in Kubernetes manifests brought over to OpenShift. This auditing tool currently only supports Kubernetes manifests, but we plan to expand it to include Helm charts and Go code, as well. The tool is in very early stages, but is looking for community input to help add use cases.
  • Kubernetes Kpt in The Wild: What it is and how to use it 🌟 Kubernetes Kpt is tooling by Google that facilitates a structured approach to defining, managing, and distributing kubernetes templates between teams and orgs.
  • RollingUpgrade Reliable, extensible rolling-upgrades of Autoscaling groups in Kubernetes
  • Kerbi 🌟 Kerbi (Kubernetes Embedded Ruby Interpolator) is yet another templating engine for generating Kubernetes resource manifests. It enables multi-strategy, multi-source templating, giving you the freedom to design highly specialized templating pipelines.
  • Kourier Purpose-built Knative Ingress implementation using just Envoy with no additional CRDs. Kourier is an Ingress for Knative Serving. Kourier is a lightweight alternative for the Istio ingress as its deployment consists only of an Envoy proxy and a control plane for it.
  • space-cloud: Develop, Deploy and Secure Serverless Apps on Kubernetes. Open source Firebase + Heroku to develop, scale and secure serverless apps on Kubernetes - Space Cloud is a Kubernetes based serverless platform that provides instant, realtime APIs on any database, with event triggers and unified APIs for your custom business logic.
  • Comparing Modern-Day Container Image Builders: Jib, Buildpacks and Docker 🌟
  • Teleport 🌟 Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
  • weaveworks: kured - Kubernetes Reboot Daemon 🌟 - One year kured - your Kubernetes Reboot Daemon Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS. Many rely on Kured, which helps perform safe automatic node reboots when indicated by the package management of the underlying OS, to help make OS security better.
  • k8s-cluster-simulator Kubernetes cluster simulator for evaluating schedulers.
  • kubelogin 🌟 kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)
  • kube-oidc-proxy Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
    • Updating kube-oidc-proxy Kubernetes offers multiple ways to authenticate users to the API server. The best way to go, when available, is to use OpenID Connect (OIDC). We’ve talked about why you shouldn’t use certificates for kubernetes authentication, but most cloud providers won’t let you configure the API server flags needed to integrate managed clusters into an OIDC identity provider.
  • KubeSurvival 🌟 Significantly reduce Kubernetes costs by finding the cheapest machine types that can run your workloads
  • K8s Vault Webhook 🌟 - github: k8s-vault-webhook A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
  • cf-for-k8s The open source deployment manifest for Cloud Foundry on Kubernetes. cf-for-k8s blends the popular CF developer API with Kubernetes, Istio, and other open source technologies. The project aims to improve developer productivity for organizations using Kubernetes
  • tekline 🌟 tekline is a tekton delegated-pipeline to enable a bring-your-own pipeline configuration.
  • nerdctl 🌟 Docker-compatible CLI for containerd
  • El Carro: The Oracle Operator for Kubernetes 🌟 El Carro is a new project that offers a way to run Oracle databases in Kubernetes as a portable, open source, community driven, no vendor lock-in container orchestration system. El Carro provides a powerful declarative API for comprehensive and consistent configuration and deployment as well as for real-time operations and monitoring.
  • jspolicy jsPolicy is an operator that helps you define Kubernetes Policies using JavaScript or TypeScript. Easier & Faster Kubernetes Policies using JavaScript or TypeScript.
  • k8scr 🌟 A kubectl plugin for pushing OCI images through the Kubernetes API server.
  • jsonnet-controller A fluxcd controller for managing manifests declared in jsonnet.
  • rback: RBAC in Kubernetes visualizer 🌟🌟 A simple “RBAC in Kubernetes” visualizer. No matter how complex the setup, rback queries all RBAC related information of a Kubernetes cluster in constant time and generates a graph representation of service accounts, (cluster) roles, and the respective access rules in dot format.
  • github: Kubernetes JSON Schemas 🌟 Schemas for every version of every object in every version of Kubernetes
  • Metacontroller Metacontroller is an add-on for Kubernetes that makes it easy to write and deploy custom controllers in the form of simple scripts.
  • KubeCarrier - Service Management at Scale KubeCarrier is an open source system for managing applications and services across multiple Kubernetes Clusters; providing a framework to centralize the management of services and provide these services with external users in a self service hub.
  • NFS Ganesha server and external provisioner NFS Ganesha Server and Volume Provisioner. nfs-ganesha-server-and-external-provisioner is an out-of-tree dynamic provisioner for Kubernetes 1.14+. You can use it to quickly & easily deploy shared storage that works almost anywhere.
  • Armada kubectl plugin 🌟 Command line tools to manage kustomize packaged apps deployment. Armada is a Kubectl plugin that adds templating capacity and manage deployment to Kustomize apps. Templating uses go template to allow you to generate kustomize apps with templates inside. Armada allows you to git clone a packaged kustomize base and call it with the help of a config file.
  • Minnaker Minnaker is a simple way to install Spinnaker inside a VM. Spinnaker on Lightweight Kubernetes (K3s)
  • kVDI A Kubernetes-native Virtual Desktop Infrastructure
  • Kubesurveyor 🌟 Good enough Kubernetes namespace visualization tool. No provisioning to a cluster required, only Kubernetes API is scraped.
  • NVIDIA k8s-device-plugin NVIDIA device plugin for Kubernetes. The NVIDIA device plugin for Kubernetes is a Daemonset that allows you to automatically: Expose GPUs on each node of your cluster, Keep track of the health of your GPUs, Run GPU enabled containers.
  • kubectl-tmux-exec A kubectl plugin to control multiple pods simultaneously using Tmux
  • grype: a vulnerability scanner for container images and filesystems
  • KubeView 🌟 Kubernetes cluster visualiser and graphical explorer. KubeView displays what is happening inside a Kubernetes cluster (or single namespace), it maps out the API objects and how they are interconnected. Data is fetched real-time from the Kubernetes API. The status of some objects (Pods, ReplicaSets, Deployments) is colour coded red/green to represent their status and health
  • karma 🌟 Alert dashboard for Prometheus Alertmanager
  • Rancher Desktop 🌟 Kubernetes and container management to the desktop. Rancher Desktop is an open-source project to bring Kubernetes and container management to the desktop. Windows and macOS versions of Rancher Desktop are available for download.
  • realvz/awesome-eks: A curated list of awesome tools for Amazon EKS 🌟
  • salesforce/Sloop - Kubernetes History Visualization 🌟 Sloop monitors Kubernetes, recording histories of events and resource state changes and providing visualizations to aid in debugging past events.
  • scalabledelivery/init-sync Sidecar for securely copying directory for statefulsets. A sidecar container and initContainer for securely copying a directory between pods in StatefulSets.
  • Kspan - Turning Kubernetes Events into spans 🌟 Most Kubernetes components produce Events when something interesting happens. This program turns those Events into OpenTelemetry Spans, joining them up by causality and grouping them together into Traces.
  • csi-rclone: CSI rclone mount plugin CSI driver for rclone. This project implements Container Storage Interface (CSI) plugin that allows using rclone mount as storage backend. Rclone mount points and parameters can be configured using Secret or PersistentVolume volumeAttributes.
  • Top 9 Open Source DevSecOps Tools for Kubernetes in 2021 🌟 Anchore, Checkov, Clair, Falco, Kube-bench, Kube-hunter, KubeLinter, Open Policy Agent (OPA), Terrascan
  • Kdo: deployless development on Kubernetes 🌟 Kdo is a command line tool that enables developers to run, develop and test code changes in a realistic deployed setting without having to deal with the complexity of Kubernetes deployment and configuration.
  • chekr An inspection utility for the maintenance of Kubernetes clusters.
  • KUR8 🌟 A visual overview of Kubernetes architecture and Prometheus metrics. KUR8 is an open-source Kubernetes analytics, monitoring, and visualizer web application that allows for querying, alerts, and creating custom charts and graphs that leverage Prometheus and its time logged series database metrics.
  • mperezco/forklift-configmap-service Systemd service to run in VMs on KubeVirt to mount ConfigMaps
  • cdk8s Define Kubernetes native apps and abstractions using object-oriented programming
  • Havener Think of it as a swiss army knife for Kubernetes tasks.
  • KFServing 🌟 Serverless Inferencing on Kubernetes. KFServing provides a Kubernetes Custom Resource Definition for serving machine learning (ML) models on arbitrary frameworks. It aims to solve production model serving use cases by providing performant, high abstraction interfaces for common ML frameworks like Tensorflow, XGBoost, ScikitLearn, PyTorch, and ONNX.
  • rkubelog 🌟 Send k8s Logs to Papertrail and Loggly Without DaemonSets (for Nodeless Clusters) - dzone: ContainerD Kubernetes Syslog Forwarding Move from Logspout to Filebeat to support containerd logging architecture.
  • kubernetes-sigs: Trimaran: Load-aware scheduling plugins 🌟 Trimaran is a collection of load-aware scheduler plugins - IBM, Red Hat Bring Load-Aware Resource Management to Kubernetes
  • AWS Controllers for Kubernetes (ACK) 🌟 AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes
  • connaisseur An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
  • VolSync 🌟 Asynchronous data replication for Kubernetes volumes. VolSync asynchronously replicates Kubernetes persistent volumes between clusters using either rsync or rclone. It also supports creating backups of persistent volumes via restic. VolSync, a new storage-agnostic utility for exporting and importing objects from one Kubernetes namespace to another, even across clusters!
  • ketall Kubectl plugin to show really all kubernetes resources. Like kubectl get all, but get really all resources
  • kube-scheduler-simulator Web-based Kubernetes scheduler simulator
  • multus-cni 🌟 A CNI meta-plugin for multi-homed pods in Kubernetes. Multus CNI is a container network interface (CNI) plugin for Kubernetes that enables attaching multiple network interfaces to pods. Typically, in Kubernetes each pod only has one network interface (apart from a loopback) – with Multus you can create a multi-homed pod that has multiple interfaces. This is accomplished by Multus acting as a “meta-plugin”, a CNI plugin that can call multiple other CNI plugins.
  • kim - The Kubernetes Image Manager
  • KUDO: The Kubernetes Universal Declarative Operator 🌟 KUDO is a toolkit that makes it easy to build Kubernetes Operators, in most cases just using YAML.
  • K8sPurger 🌟 K8SPurger is a controller that finds all unused resources and shows them in a nice format
  • jenkins-x/gsm-controller gsm-controller is a Kubernetes controller that copies secrets from Google Secrets Manager into Kubernetes secrets. The controller watches Kubernetes secrets looking for an annotation, if the annotation is not found on the secret nothing more is done.
  • kontacts A Kubernetes directory tool for finding pods and services.
  • sciuro Alertmanager to Kubernetes Node conditions bridge. Sciuro is a bridge between Alertmanager and Kubernetes to sync alerts as Node Conditions. It is designed to work in tandem with other controllers that observe Node Conditions such as draino or the cluster-api.
  • rottencandy/vimkubectl Manage Kubernetes resources from Vim
  • carlosedp/cluster-monitoring: Cluster Monitoring stack for ARM / X86-64 platforms Cluster monitoring stack for clusters based on Prometheus Operator
  • abhirockzz/kubexpose-operator Access your Kubernetes Deployment over the Internet - Kubexpose: A Kubernetes Operator, for fun and profit! Access your Kubernetes Deployment over the Internet
  • kubernetes-reflector Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates.
  • Another Autoscaler Another Autoscaler is a Kubernetes controller that automatically starts, stops, or restarts pods from a deployment at a specified time using a cron syntax.
  • cloud-ark/kubeplus 🌟 Kubernetes Operator to deliver Helm charts as-a-service
  • cloud-ark/caastle Full-stack microservices deployment for Google Kubernetes Engine and Amazon Elastic Container Service
  • eezhee/eezhee The easiest way to build a k3s cluster on various public clouds. A super fast and easy way to create a k3s based kubernetes cluster on a variety of public clouds. Currently DigitalOcean, Linode and Vultr are supported. All it takes is a single command and about 2 minutes and your cluster is ready to use. Most of the time is taken by the cloud provider bringing up the base VM. Eezhee is ideal for development, testing or learning about Kubernetes.
  • ContainerSolutions/ImageWolf: ImageWolf - Fast Distribution of Docker Images on Clusters Fast Distribution of Docker Images on Clusters. ImageWolf is a PoC that provides a blazingly fast way to get Docker images loaded onto your cluster, allowing updates to be pushed out quicker.
  • dcherman/image-cache-daemon Image Cache Daemon is a service to pre-pull / cache images on Kubernetes before they’re needed
  • KnicKnic/temp-kubernetes-ci: Temp Kubernetes CI A github action to create a k3s kubernetes cluster in your CI VM for both linux & windows. Also has cmdline to copy and paste for other CI platforms.
  • mattmoor/warm-image: Kubernetes WarmImage CRD A Kubernetes CRD for prefetching container images onto nodes.
  • maorfr/kube-tasks: Kube tasks A tool to perform simple Kubernetes related actions. Simple Backups, Wait for Pods, Execute a command in a container.
  • tmobile/MagTape MagTape Policy-as-Code for Kubernetes. MagTape is a Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies. MagTape includes variable policy enforcement, notifications, and targeted metrics
  • vidispine/HULL - Helm Uniform Layer Library HULL (Helm Uniform Layer Library) is designed to ease building, maintaining and configuring Kubernetes objects in Helm charts.
  • hiddeco/Cronjobber Cronjobber is a cronjob controller for Kubernetes with support for time zones
  • karmab/autolabeller This repo contains a controller automatically labelling nodes based on either:
    • predefined regex rules matching node name.
    • a set of matching labels (with their associated value) present on the node.
  • kubernetes-sigs/nfs-subdir-external-provisioner: Kubernetes NFS Subdir External Provisioner Dynamic sub-dir volume provisioner on a remote NFS server. NFS subdir external provisioner is an automatic provisioner that uses your existing NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims
  • ori-edge/k8s_gateway A CoreDNS plugin to resolve all types of external Kubernetes resources. k8s_gateway is a CoreDNS plugin that resolves load balancer and external IPs from outside Kubernetes clusters and supports all types of Kubernetes external resources - Ingress, Service of type LoadBalancer.
  • viaduct-ai/kustomize-sops KSOPS - A Flexible Kustomize Plugin for SOPS Encrypted Resources
  • Using Makefiles And Envsubst As An Alternative To Helm And Ksonnet (deprecated)
  • Kubernetes Semaphore: A modular and nonintrusive framework for cross cluster communication
  • zakkg3/ClusterSecret: Kubernetes ClusterSecret operator ClusterSecret operator makes sure all the matching namespaces have the secret available. New namespaces, if they match the pattern, will also have the secret. Any change on the ClusterSecret will update all related secrets. Deleting the ClusterSecret deletes “child” secrets (all cloned secrets) too.
  • tektoncd/chains Tekton Chains is a Kubernetes Custom Resource Definition (CRD) controller that allows you to manage your supply chain security in Tekton.
  • gopaddle-io/configurator Synchronize and Version Control ConfigMaps & Secrets across Deployment Rollouts.
  • biosimulations/deployment Kubernetes Configuration for BioSimulations platform.
  • chrislusf/seaweedfs SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, local tiering, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, Hadoop, WebDAV, encryption, Erasure Coding.
  • kubernetes-sigs/kui A hybrid command-line/UI development experience for cloud-native development
  • DaspawnW/vault-crd Vault CRD for sharing Vault Secrets with Kubernetes. Vault-CRD is a custom resource definition for holding secrets that are stored in HashiCorp Vault and kept up to date with Kubernetes secrets
  • stakater/Reloader 🌟 A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig
  • dignajar/another-ldap Another LDAP is a form-based authentication for Active Directory / LDAP server. Provides Authentication and Authorization for your applications running in Kubernetes.
  • ddosify/ddosify High-performance load testing tool, written in Golang.
  • anchore/syft CLI tool and library for generating a Software Bill of Materials from container images and filesystems. Exceptional for vulnerability detection when used with a scanner tool like Grype.
  • aws/aws-node-termination-handler 🌟 Gracefully handle EC2 instance shutdown within Kubernetes
  • aelsabbahy/goss Quick and Easy server testing/validation
  • chr-fritz/csi-sshfs Kubernetes CSI Plugin for SSHFS. It allows to mount directories using a ssh connection.
  • ctrox/csi-s3 A Container Storage Interface for S3. This is a Container Storage Interface (CSI) for S3 (or S3 compatible) storage. This can dynamically allocate buckets and mount them via a fuse mount into any container.
  • codesenberg/bombardier 🌟 Fast cross-platform HTTP benchmarking tool written in Go
  • fstab/cifs CIFS Flexvolume Plugin for Kubernetes. Driver for CIFS (SMB, Samba, Windows Share) network filesystems as Kubernetes volumes.
  • Kui: CLI-driven Graphics for Kubernetes. Tired of working with Kubernetes in cli mode only? Try kui - a hybrid tool that allows you to interact with any Kubernetes cluster easily with more advanced features available only in GUI.
  • bloomberg/goldpinger 🌟 Debugging tool for Kubernetes which tests and displays connectivity between nodes in the cluster. Goldpinger makes calls between its instances to monitor your networking. It runs as a DaemonSet on Kubernetes and produces Prometheus metrics that can be scraped, visualised and alerted on.
  • haxsaw/hikaru 🌟 Move smoothly between Kubernetes YAML and Python for creating/updating/componentizing configurations. Hikaru is a tool that provides you the ability to easily shift between YAML, Python objects/source, and JSON representations of your Kubernetes config files. It provides assistance in authoring these files in Python, opens up options in how you can assemble and customise the files, and provides some programmatic tools for inspecting large, complex files to enable automation of policy and security compliance. Additionally, Hikaru allows you to use its K8s model objects to interact with Kubernetes, directing it to create, modify, and delete resources.
  • kei6u/kubectl-secret-data A kubectl plugin for finding decoded secret data with productive search flags.
  • ofek/csi-gcs Kubernetes CSI driver for Google Cloud Storage. An easy-to-use, cross-platform, and highly optimized Kubernetes CSI driver for mounting Google Cloud Storage buckets.
  • target/pod-reaper Rule based pod killing kubernetes controller. Pod-Reaper was designed to kill pods that meet specific conditions. See the “Implemented Rules” section below for details on specific rules.
  • utilitywarehouse/kube-applier kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster. kube-applier is a Kubernetes deployment tool strongly following GitOps principles. It enables continuous deployment of Kubernetes objects by applying declarative configuration files from a Git repository to a Kubernetes cluster.
  • Trendyol/kink KinK is a helper CLI that facilitates to manage KinD clusters as Kubernetes pods. Designed to ease clusters up for fast testing with batteries included in mind.
  • vbouchaud/k8s-ldap-auth Kubernetes webhook token authentication plugin implementation using ldap.
  • wangjia184/pod-inspector A tool to inspect pods in kubernetes. Unlike other dashboards for Kubernetes (Lens / Rancher / etc), Kubernetes Pod Inspector allows to check the file system and processes within running Linux pods without using kubectl. This is useful when we want to check the files within volumes mounted by pods
  • witchery-project/witchery build distroless images with alpine tools
  • knight42/kubectl-blame: kubectl-blame: git-like blame for kubectl Show who edited resource fields. A useful opensource tool that comes as a plugin to show who modified attributes in kubernetes resource fields.
  • curiefense/curiefense Curiefense extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs) and more
  • kubernetes-sigs/node-feature-discovery: Node feature discovery for Kubernetes Welcome to Node Feature Discovery – a Kubernetes add-on for detecting hardware features and system configuration!
  • arttor/helmify Creates Helm chart from Kubernetes yaml. Helmify reads a list of supported k8s objects from stdin and converts it to a helm chart. Designed to generate charts for k8s operators but not limited to. See examples of charts generated by helmify.
  • 4ARMED/kubeletmein Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers. This is a simple penetration testing tool which takes advantage of public cloud provider approaches to providing kubelet credentials to nodes in a Kubernetes cluster in order to gain privileged access to the k8s API. This access can then potentially be used to further compromise the applications running in the cluster or, in many cases, access secrets that facilitate complete control of Kubernetes.
  • patrickdappollonio/kubectl-slice Split multiple Kubernetes files into smaller files with ease. Split multi-YAML files into individual files.
  • appvia/cosign-keyless-admission-webhook Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
  • theketchio/ketch 🌟 Ketch is an application delivery framework that facilitates the deployment and management of applications on Kubernetes using a simple command line interface.
  • joyrex2001/kubedock Kubedock is a minimal implementation of the docker api that will orchestrate containers on a Kubernetes cluster, rather than running containers locally.
  • corneliusweig/konfig konfig helps to merge, split or import kubeconfig files
  • armosec/regolibrary ARMO rego library for detecting misconfigurations in Kubernetes manifests
  • groundnuty/k8s-wait-for 🌟 A simple script that lets you wait for a k8s service, job or pods to enter a desired state
  • nabsul/k8s-ecr-login-renew: Renew Kubernetes Docker secrets for AWS ECR Renews Docker login credentials for an AWS ECR container registry.
  • particledecay/kconf Manage multiple kubeconfigs easily
  • maruina/aws-auth-manager: K8s controller to manage the aws-auth configmap aws-auth-manager is a Kubernetes controller designed to manage the aws-auth ConfigMap in EKS using a new AWSAuthItem CRD
  • segmentio/kubectl-curl: Kubectl plugin to run curl commands against kubernetes pods
  • wallarm/sysbindings sysctl/sysfs settings on the fly for Kubernetes Cluster. No restarts are required for clusters and nodes.
  • atombender/ktail 🌟 ktail is a tool to easily tail Kubernetes logs. It’s like kubectl logs, but with a bunch of features to make it more convenient:
    • Detects pods and containers as they come and go
    • Tails multiple pods and containers
    • All containers are tailed by default
    • Recovers from failure
  • 🌟 vmware-tanzu/pinniped Pinniped is the easy, secure way to log in to your Kubernetes clusters.
  • keisku/kubectl-explore A better kubectl explain with the fuzzy finder. This plugin fuzzy-finds the field explanation from supported API resources. It implements different explanations for particular API versions. kubectl-explore is a kubectl plugin to fuzzy-find and explain the fields of supported API resources like “pod.spec”, “cronJob.spec.jobTemplate”, etc.
  • box/kube-exec-controller An admission controller service and kubectl plugin to handle container drift in K8s clusters. kube-exec-controller is an admission controller for handling container drift (caused by kubectl exec, attach, cp, or other interactive requests) inside a Kubernetes cluster. This project also includes a kubectl plugin for checking such Pods.
  • abahmed/kwatch 👀 monitor & detect crashes in your Kubernetes (K8s) cluster instantly. kwatch helps you monitor all changes in your Kubernetes cluster, detects crashes in your running apps in real-time, and publishes notifications to your channels (Slack, Discord, etc.) instantly.
  • cuber-cloud/cuber-gem: CUBER An automation tool that simplifies the deployment of your apps on Kubernetes.
  • kubeops/config-syncer: Config Syncer (previously Kubed) Kubernetes Config Syncer (previously kubed). Config Syncer keeps ConfigMaps and Secrets synchronized across namespaces and/or clusters
  • eldadru/ksniff 🌟 Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
  • openclarity/kubeclarity KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
  • NimbleArchitect/kubectl-ice 🌟 Cleanly list all containers in kubernetes pods including init containers and view running kubernetes information about those multi-container pods to assist in troubleshooting and information gathering. kubectl-ice is a kubectl plugin that lets you see the configuration of all pod’s containers. You can inspect volumes, images, ports and executable configurations, along with current CPU and memory metrics at the container level.
  • vmware-tanzu/k-bench 🌟 Workload Benchmark for Kubernetes. K-Bench is a framework to benchmark the control and data plane aspects of a Kubernetes infrastructure. It provides a configurable way to prescriptively create and manipulate Kubernetes resources at scale and collect the metrics.
  • k8tz/k8tz: Kubernetes Timezone Controller Kubernetes admission controller and a CLI tool to inject timezones into Pods and CronJobs
  • patrickdappollonio/tabloid: tabloid – your tabulated data’s best friend tabloid is a simple command line tool to parse and filter column-based CLI outputs from commands like kubectl or docker
  • ReallyLiri/kubescout: Kube-Scout Scout for alarming issues across your Kubernetes clusters. kubescout is a command-line tool designed to issue alerts in real-time for:
    • Pod evictions
    • Pod stuck in terminating/initializing
    • Excessive disk usage, process & inode allocation
    • Warning/errors in native logs
    • Helm failures
    • etc
  • govirtuo/kube-ns-suspender 🌟 A k8s controller that scales up and down namespaces on-demand with an embedded friendly UI and a Prometheus exporter. Inspired by kube-downscaler. Kube-ns-suspender watches namespaces and “suspends” them by scaling to 0 some of the resources. Once a namespace is suspended, it will not be restarted automatically. This makes it possible to “reactivate” namespaces only when required, which reduces costs.
  • Kubernetes Downscaler 🌟 Scale down / “pause” Kubernetes workload (Deployments, StatefulSets, and/or HorizontalPodAutoscalers and CronJobs too!) during non-work hours.
  • deepfence/PacketStreamer ⭐⭐ Distributed tcpdump for cloud native environments ⭐⭐ PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence’s ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis.
  • kris-nova/kaar kaar is the Kubernetes Application Archive. kaar will:
    • Recursively iterate through every file in the path and search for valid Kubernetes YAML
    • Identify all container images referenced from the YAML
    • Archive the container images
  • mohatb/kubectl-exec kubectl-exec is a kubectl plugin that allows you to access a node. It works by creating a pod (with a privileged container) in the node you specified and using nsenter for getting a shell into your Kubernetes nodes. Works on both Linux and Windows.
  • kudobuilder/kuttl KUbernetes Test TooL (KUTTL) provides a declarative approach to test Kubernetes Operators. It is designed for testing operators, however it can declaratively test any kubernetes objects.
  • steveteuber/kubectl-graph ⭐ A kubectl plugin to visualize Kubernetes resources and relationships.
  • crazy-max/diun Diun is a CLI application written in Go and delivered as a single executable (and a Docker image) to receive notifications when a Docker image is updated on a Docker registry.
  • omrikiei/ktunnel ⭐ A cli that exposes your local resources to kubernetes. A CLI tool that establishes a reverse tunnel between a kubernetes cluster and your local machine.
  • Pixie: an X-ray Machine for Kubernetes Traffic Pixie is one of a handful of observability tools that offer eBPF or kernel-level observability. In this tutorial, you will learn how to see all of your applications’ metrics, events, logs, and traces using Pixie with Kubernetes.
  • Deploy open-source software on Kubernetes in record time ⭐ An open-source platform to build, maintain, and scale infrastructure on Kubernetes. Batteries included.
  • pan-net-security/kcount kcount counts Kubernetes objects across namespaces and clusters. It can be used as a CLI tool or as a daemon (service) exposing Prometheus metrics.
  • cloudtty/cloudtty: A Kubernetes Cloud Shell (Web Terminal) Operator A Friendly Kubernetes CloudShell (Web Terminal) !
  • jthomperoo/k8shorizmetrics k8shorizmetrics is a library that provides the internal workings of the Kubernetes Horizontal Pod Autoscaler (HPA) wrapped up in a simple API. The project allows querying metrics just as the HPA does, and also running the calculations.
  • Kube-capacity is a simple and powerful CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster. It combines the best parts of kubectl top and describe into an easy to use CLI focused on cluster resources.
  • Goldilocks is a utility that can help you identify a starting point for resource requests and limits
  • learnk8s/xlskubectl a spreadsheet to control your Kubernetes cluster. xlskubectl integrates Google Spreadsheet with Kubernetes. You can finally administer your cluster from the same spreadsheet that you use to track your expenses.
  • kingdonb/kubectl-exec-user lets you exec as a specified user into a Kubernetes container
  • upmc-enterprises/registry-creds: Registry Credentials ⭐ Allow for AWS ECR, Google Registry, & Azure Container Registry credentials to be refreshed inside your Kubernetes cluster via ImagePullSecrets
  • pymag09/kubecui kubecui makes kubectl more user friendly. This is still kubectl but enhanced with fzf. However, kubectl slows you down - requires heavy keyboard typing. In order to alleviate interaction with kubernetes API and describe the fields associated with each supported API resource directly in the Terminal, kubectl was complemented by fzf.
  • awesome-it/adeploy adeploy is a deployment tool for Kubernetes that supports the rendering and deploying of lightweight Jinja templated Kubernetes manifests and complex Helm charts
  • stakater/Forecastle Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes
  • acorn-io/acorn Acorn is a simple application deployment framework for Kubernetes:
    • One artifact across dev, test, and production
    • Simple CLI and powerful API
    • Runs on any Kubernetes cluster
  • smartxworks/knest knest: Kubernetes-in-Kubernetes Made Simple
  • smartxworks/virtink Virtink is a Kubernetes add-on for running Cloud Hypervisor virtual machines. By using Cloud Hypervisor as the underlying hypervisor, Virtink enables a lightweight and secure way to run fully virtualized workloads in a canonical Kubernetes cluster
  • inspektor-gadget/inspektor-gadget Introspecting and debugging Kubernetes applications using eBPF “gadgets”. Inspektor Gadget is a collection of tools (or gadgets) to debug and inspect Kubernetes resources and applications. It manages the packaging, deployment and execution of eBPF programs in a Kubernetes cluster, including many based on BCC tools, as well as some developed specifically for use in Inspektor Gadget. It automatically maps low-level kernel primitives to high-level Kubernetes resources, making it easier and quicker to find the relevant information.
  • toboshii/hajimari Hajimari is a beautiful & customizable browser startpage/dashboard with Kubernetes application discovery.
  • Ramilito/kubediff ⭐ Source VS Deployed. kubediff compares the local YAML resource definitions with the ones currently deployed in the cluster.
  • FairwindsOps/gonogo GoNoGo is a utility to help users determine upgrade confidence around Kubernetes cluster addons
  • pulumi/kube2pulumi Upgrade your Kubernetes YAML to a modern language
  • doitintl/kube-no-trouble: kubent ⭐⭐⭐ Easily check your clusters for use of deprecated APIs
  • resmoio/kubernetes-event-exporter Export Kubernetes events to multiple destinations with routing and filtering
  • jthomperoo/predictive-horizontal-pod-autoscaler Horizontal Pod Autoscaler built with predictive abilities using statistical models
  • Count resources by kind. kubectl-count uses the dynamic library to find server preferred resources and then leverages the informer mechanism to list and count resources by kind. You can show any kinds counts in kubernetes and group by namespaces.
  • Kubernetes scheduler written in less than 100 lines of bash
  • โญ Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.
  • kubernetes-sigs/kwok Kubernetes WithOut Kubelet - Simulates thousands of Nodes and Clusters. KWOK (Kubernetes-WithOut-Kubelet) is a toolkit that enables setting up a cluster of thousands of nodes in seconds. Under the scene, all Nodes are simulated to behave like real ones, so the overall approach employs a pretty low resource footprint.
  • Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg)
  • Krateo Platformops is an open-source tool that allows users to create any desired resource on various infrastructures. It acts as a centralized control plane, allowing users to monitor and control resources.
  • A global resource download orchestration system, build your home download center.
  • A browser based remote desktop solution on kubernetes Building a cost effective and simple remote desktop solution on kubernetes using open source apache guacamole
  • kvaps/kubectl-node-shell kubectl node-shell is a krew plugin that lets you start a root shell in the node’s host
  • In this repository, you’ll find the code for storing and distributing container images using the OCI Distribution Specification. The goal of this project is to provide a simple, secure, and scalable base for building a large-scale registry solution.
  • Pipy is a programmable proxy for the cloud, edge and IoT.
  • This repository contains a Podman machine image that can run native WebAssembly container images, which only contain wasm files and no runtime
  • Watch and print changes in k8s. This tool watches kubernetes resources and prints the delta in changes.
  • ContainerSSH launches a new container for each SSH connection in Kubernetes, Podman or Docker. The user is transparently dropped in the container and the container is removed when the user disconnects.
  • Management tool for Kubernetes cluster deployment and maintenance. Kubemarine is an open-source, lightweight and powerful management tool built for end-to-end Kubernetes cluster deployment and maintenance
  • card-to-sample-YAML lets you generate a sample YAML file from a Custom Resource Definition
  • Run a Kubernetes Job and get the logs when it’s done 🏃‍♂️
  • Service Hub is a tool to create and manage a Self-Service portal for your applications using Kubernetes and Helm
  • Setup Kubernetes Admin on Linux with Brew
  • kubectl foreach ⭐ kubectl-foreach is a kubectl plugin that runs a kubectl command in one or more contexts (clusters) in parallel (similar to GNU parallel/xargs)
  • ⭐ etcdadm is a command-line tool for operating an etcd cluster. It makes it easy to create a new cluster, add a member to, or remove a member from an existing cluster. Its user experience is inspired by kubeadm.
  • Kwok, a Tool to Spin up Kubernetes Nodes in a Second
  • โญ Launchpad is a command-line tool that lets you easily create applications on Kubernetes. In practice, Launchpad works similar to Heroku or Vercel, except everything is on Kubernetes.
  • Kubectl Sockperf plugin - Latency Measurement in Kubernetes
  • This repository contains the code for Ekkremis: a Prometheus-based alert manager to resolve kubernetes pods pending issues
  • โญ Kubernetes prompt for bash and zsh. kube-ps1 is a script that lets you add the current Kubernetes context and namespace configured on kubectl to your Bash/Zsh prompt strings (i.e. the $PS1)
  • โญ Kube-shell is an integrated shell for working with the Kubernetes CLI. Under the hood, Kube-shell still calls kubectl. Kube-shell aims to provide ease-of-use of kubectl and increase productivity.
  • (real-time, cloud-native data pipeline platform) The developer-friendly ETL platform for transforming data in real-time. Based on Apache Kafkaยฎ and Kubernetesยฎ. DataCater helps you to build modern, real-time data pipelines with Apache Kafka and Kubernetes. You can choose from an extensive repository of filter functions, apply transformations, or code your own transforms in Python.
  • RBAC Tool for Kubernetes. Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
  • oslabs-beta/Palaemon Palaemon is an open-source developer tool for monitoring health and resource metrics of Kubernetes clusters and analyzing Out of Memory (OOMKill) errors
  • openobserve/debug-container A container with common utilities for debugging your cluster
  • โญ Capsule is an open source framework that enables Platform Engineers to build a secure multi-tenant Internal Developer Platform on top of any Kubernetes infrastructure.
  • Ksctl: Cloud Agnostic Kubernetes Management tool ksctl is a simple multi-environment Kubernetes management CLI tool
  • Drifter scans your cluster to find configuration drifts on Kubernetes resources or Helm charts
  • Module to Automatically maximize the utilization of GPU resources in a Kubernetes cluster through real-time dynamic partitioning and elastic quotas - Effortless optimization at its finest!
  • Ahoy helps teams release and manage applications and services across multiple k8s clusters without needing to write any yaml.
  • OpenCP (Open Control Plane) is an open source project designed to provide a single interface to manage infrastructure across providers using a single tool: kubectl
  • Orphaned ConfigMaps A script for finding orphaned configmaps
  • A Declarative Dependency Management tool
    • Automatically open a PR on your GitOps repository when a third party service publishes an update
    • Updatecli is a tool used to apply file update strategies. Designed to be used from everywhere, each application “run” detects if a value needs to be updated using a custom strategy, then applies changes according to the strategy.
  • A Golang Tool to discover unused Kubernetes Resources. Currently, Kor can identify and list unused:
    • ConfigMaps
    • Secrets
    • Services
    • ServiceAccounts
    • Deployments
    • Statefulsets
    • Roles
  • A CLI application which provides the world’s best developer UX for finding and accessing cloud roles to multiple cloud accounts, fast!
  • Adopt Kubernetes in Weeks With Our K8s Acceleration Platform. Old software delivery platforms are holding you back and slowing you down. Rapidly adopt K8s without creating cognitive overload for your developers.
  • The Kubefirst CLI creates instant GitOps platforms that integrate some of the best tools in cloud native from scratch in minutes.
  • Trolley is a multi cloud Kubernetes management system. A simplified UI which allows the user to Deploy, Edit and Delete clusters and deployments within them on AWS, Azure and GCP.



  • kubecfg is a tool for managing Kubernetes resources as code that allows you to express the patterns across your infrastructure, reuse “templates” across many services, and then manage those templates as files in version control




  • Managing your Kubernetes clusters (including public, private, edge, etc) as easily as visiting the Internet
    • Clusternet (Cluster Internet) is a tool that helps you manage thousands of Kubernetes clusters
    • It can also help deploy and manage applications across several clusters from a single set of APIs in a single hosting cluster

Open Cluster Management

  • Make working with many Kubernetes clusters super easy regardless of where they are deployed. Open Cluster Management is a community-driven project focused on multicluster and multicloud scenarios for Kubernetes apps. Open APIs are evolving within this project for cluster registration, work distribution, dynamic placement of policies and workloads, and much more.

Penetration Testing Tools

  • What is Penetration Testing? Penetration testing is otherwise referred to as pen testing. This blog on ‘What is Penetration Testing? - Types, Phases, Tools Explained’ discusses in detail what pen testing is and how it works, the numerous tools involved in this field, and so on. This blog aims to give you an insight into pen testing and how Ethical Hackers use it for the purpose of Cyber Security. Let’s dive right in.
  • quarkslab/kdigger kdigger is a context discovery tool for Kubernetes penetration testing.
  • inguardians/peirates Peirates - Kubernetes Penetration Testing tool

Deckhouse Kubernetes Platform

  • Deckhouse: NoOps Kubernetes platform 🌟 Deckhouse is an Open Source platform for managing Kubernetes clusters in a fully automatic and uniform fashion. It allows you to create homogeneous Kubernetes clusters anywhere and fully manages them. It supplies all the add-ons you need for auto-scaling, observability, security, and service mesh. It comes in Enterprise Edition (EE) and Community Edition (CE).

KubeIP (GKE)

  • Many applications need to be whitelisted by users based on a Source IP Address. As of today, Google Kubernetes Engine doesn’t support assigning a static pool of IP addresses to the GKE cluster. Using kubeIP, this problem is solved by assigning GKE nodes external IP addresses from a predefined list. kubeIP monitors the Kubernetes API for new/removed nodes and applies the changes accordingly.
  • Many applications need to be whitelisted based on a Source IP Address.
  • Using kubeIP, you can assign external IP addresses from a predefined list to GKE nodes. kubeIP monitors the Kubernetes API for new/removed nodes and applies the changes
  • doitintl/kubeIP Assign static external IPs from predefined pool of external IP addresses to Google GKE nodes so your customers could whitelist them


  • Porter Package your application artifact, client tools, configuration and deployment logic together as a versioned bundle that you can distribute, and then install with a single command.

Datree. Quality Checks for Kubernetes YAMLs

Kaniko Build Images in Kubernetes without docker

Shipwright Framework for Building Container Images on Kubernetes

BuildKit CLI for kubectl

Buildpacks vs Dockerfiles


  • 🌟 KubeVela is a modern application platform that makes deploying and managing applications across today’s hybrid, multi-cloud environments easier and faster. KubeVela is runtime agnostic, natively extensible, yet most importantly, application-centric.
  • Intro to KubeVela: A better way to ship applications KubeVela makes deploying applications to Kubernetes much easier. Rather than knowing about service, deployment, pods, and horizontal pod scaling, you can specify a much lighter configuration.

Pixie. Instantly troubleshoot applications on Kubernetes

Dekorate. Generate k8s manifests for java apps





  • KubeLibrary KubeLibrary is a RobotFramework library for testing Kubernetes cluster


  • kube-vip is a Load-Balancer for both inside and outside a Kubernetes cluster. kube-vip provides Kubernetes clusters with a virtual IP and load balancer for both the control plane (for building a highly-available cluster) and Kubernetes Services of type LoadBalancer without relying on any external hardware or software.
  • What’s one of the biggest pains in implementing Kubernetes for on-prem? Lack of support for LoadBalancer Service. Now there’s a second project (the first is MetalLB) that provides this functionality for on-prem: kube-vip.



  • kustomizer Kustomize build, apply, prune command-line utility. Kustomizer is a command-line utility for applying kustomizations on Kubernetes clusters. Kustomizer garbage collector keeps track of the applied resources and prunes the Kubernetes objects that were previously applied on the cluster but are missing from the current revision.


Kubermatic Kubernetes Platform

Kubermatic Kubeone

  • kubermatic/kubeone 🌟 Kubermatic KubeOne automates cluster operations on all your cloud, on-prem, edge, and IoT environments.
  • How to Write Software That Sets Up Kubernetes Anywhere with Kubermatic Kubeone Kubernetes is a complex system. But installing Kubernetes doesn’t need to be hard. In this short clip, our Software Engineer Marko Mudrinić explains how to use existing tools to make tasks easier for you. He provides you with some insights on the learnings we made while creating KubeOne, an open source and infrastructure-agnostic cluster lifecycle management tool for single and HA Kubernetes clusters.



  • Popeye - A Kubernetes Cluster Sanitizer 🌟🌟 Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what’s deployed and not what’s sitting on disk. By scanning your cluster, it detects misconfigurations and helps you to ensure that best practices are in place, thus preventing future headaches. It aims at reducing the cognitive overload one faces when operating a Kubernetes cluster in the wild. Furthermore, if your cluster employs a metric-server, it reports potential resources over/under allocations and attempts to warn you should your cluster run out of capacity.
  • Top 10 Kubernetes Tools You Need for 2021 – Popeye


  • kbrew kbrew is homebrew for Kubernetes. kbrew is a CLI tool for Kubernetes which makes installing any complex stack easy in one step (And yes we are definitely inspired by Homebrew from MacOS)



Kubectl Connections

Benchmark Operator

Source-To-Image (S2I)

  • openshift/source-to-image A tool for building artifacts from source and injecting into container images. Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. No writing a bunch of YAML to build your container.

VMware Tanzu Octant

  • vmware-tanzu/octant Highly extensible platform for developers to better understand the complexity of Kubernetes clusters. Octant is a tool for developers to understand how applications run on a Kubernetes cluster. It aims to be part of the developer’s toolkit for gaining insight and approaching complexity found in Kubernetes. Octant offers a combination of introspective tooling, cluster navigation, and object management along with a plugin system to further extend its capabilities.

Qovery Engine

  • Qovery/engine: Qovery Engine 🌟 Qovery Engine is an open-source abstraction layer library that makes it easy to deploy apps on AWS, GCP, Azure, and other Cloud providers in just a few minutes. The Qovery Engine is written in Rust and takes advantage of Terraform, Helm, Kubectl, and Docker to manage resources.

mck8s Container orchestrator for multi-cluster Kubernetes

  • moule3053/mck8s mck8s, short for multi-cluster Kubernetes, allows you to automate the deployment of multi-cluster applications on multiple Kubernetes clusters by offering enhanced configuration possibilities. The main aim of mck8s is maximizing resource utilization and supporting elasticity across multiple Kubernetes clusters by providing multiple placement policies, as well as bursting, cloud resource provisioning, autoscaling and de-provisioning capabilities. mck8s builds upon other open-source software such as Kubernetes, Kubernetes Federation, kopf, serf, Cilium, Cluster API, and Prometheus.

Shipwright framework

  • shipwright-io/build: shipwright A framework for building container images on Kubernetes.
  • With Shipwright, developers get a simplified approach for building container images, by defining a minimal YAML that does not require any previous knowledge of containers or container tooling. All you need is your source code in git and access to a container registry.
  • Shipwright supports any tool that can build container images in Kubernetes clusters, such as:
    • Kaniko
    • Cloud Native Buildpacks
    • BuildKit
    • Buildah

Schiff (Deutsche Telekom)

  • telekom/das-schiff This is home of Das Schiff - Deutsche Telekom Technik’s engine for Kubernetes Cluster as a Service (CaaS) in on-premise environment on top of bare-metal servers and VMs.


  • NetMaker Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

AWS Karpenter kubernetes Autoscaler

Kuby (easy deployments of Ruby Rails App)


  • Direktiv Serverless Container Orchestration. Direktiv is a serverless workflow and automation engine running on Kubernetes and Knative. Direktiv is the equivalent of AWS Step Functions, or Google Cloud Workflows or Alibaba Serverless Workflows. The difference between Direktiv and the cloud provider workflow engines is that Direktiv is cloud & platform agnostic, runs on kubernetes and executes containers as “plugins”.
  • Building a simple cloud-native, orchestrated microservice from containers





  • bitnami-labs/kubewatch Watch k8s events and trigger Handlers. kubewatch is a Kubernetes watcher that currently publishes notification to available collaboration hubs/notification channels. Run it in your k8s cluster, and you will get event notifications through webhooks.


  • BotKube is a messaging bot for monitoring and debugging Kubernetes clusters.


  • Robusta Robusta is an open source platform for webhooks and automations. It contains a library of 50+ builtin actions.
  • Why everyone should track Kubernetes changes and top four ways to do so Robusta is an event-triggered automations engine. Using Robusta you can subscribe to changes in a cluster (or multiple clusters) and publish that information to useful locations.
  • robusta-dev/krr Prometheus-based Kubernetes Resource Recommendations. Robusta KRR (Kubernetes Resource Recommender) is a CLI tool for optimizing resource allocation in Kubernetes clusters. It gathers pod usage data from Prometheus and recommends requests and limits for CPU and memory. This reduces costs and improves performance.

Soup GitOps Operator

  • caldito/soup Soup is a GitOps operator for Kubernetes. GitOps continuous deployment and management tool for Kubernetes focused on simplicity.


  • The Application Development Engine for Kubernetes. Epinio is how you tame the developer workflow in Kubernetes to go from Code to URL in a single step.
  • epinio/epinio Opinionated platform that runs on Kubernetes, that takes you from App to URL in one step.



  • kuberlogic Kuberlogic is an open-source product that deploys and manages software on top of the Kubernetes cluster and turns infrastructure into a managed PaaS. KuberLogic allows running managed databases and popular applications, deploying on-premises or in any cloud. The solution provides API, monitoring, backups, and integration with SSO right out of the box


Azure AD Workload Identity

  • Azure/azure-workload-identity Azure AD Workload Identity uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods. It simplifies accessing Azure AD protected resources securely from Kubernetes workloads.


  • laurci/kubernate Kubernetes+Generate = Kubernate. Kubernate is a Kubernetes YAML generator that can be used as an alternative to other popular tools like Helm. Kubernate is distributed as a library and as a CLI, both working together to achieve one goal: Kubernetes as Code.


Azure Placement Policy Scheduler Plugins

  • Azure/placement-policy-scheduler-plugins This scheduler enables cluster admins to offload some configurable percentage of their workloads to spot nodes enabling them to decrease the cost of running these pods without affecting their reliability.
  • Most cloud environments today provide cluster admins with ephemeral nodes (VMs). These nodes typically cost significantly less but they offer less reliability than their regular counterparts. Cluster admins are often torn between the choice of cost and reliability because of the innate inability of the default Kubernetes scheduler to place only some of a specific workload's pods on these nodes. Having the entire workload on ephemeral nodes risks the reliability of the workload when the cloud environment stops these nodes. This scheduler enables cluster admins to offload some configurable percentage of their workloads on these nodes, enabling them to decrease the cost of running these pods without affecting their reliability.

Azure AAD Pod Identity


  • MicroShift is a research project that is exploring how OpenShift and Kubernetes can be optimized for small form factor and edge computing.
  • It requires only 2GB to run
  • You can run it as a container with Docker or Podman
  • It is a very trimmed version of OpenShift without many features

kubefwd (Kube Forward)

  • txn2/kubefwd Kubernetes port forwarding for local development.
  • kubefwd is a tool built to port forward multiple services within one or more namespaces on one or more Kubernetes clusters
  • kubefwd uses the same port exposed by the service and forwards it from a loopback IP address on your local workstation

Kpng. Kubernetes Proxy NG

Auto-portforward (apf)

  • ruoshan/autoportforward Bidirectional port-forwarding for docker, podman and kubernetes. A handy tool to automatically set up proxies that expose the remote container’s listening ports back to the local machine. Just like kubectl portforward or docker run -p LOCAL:REMOTE, but automatically discover and update the ports to be forwarded on the fly. apf can create listening ports in the container and forward them back as well.


  • gardener/terraformer: Terraformer Executes Terraform configuration as job/pod inside a Kubernetes cluster. Terraformer is a tool that can execute Terraform commands (apply, destroy and validate) and can be run as a Pod inside a Kubernetes cluster. The Terraform configuration and state files (,, terraform.tfvars and terraform.tfstate) are stored as ConfigMaps and Secrets in the Kubernetes cluster and will be retrieved and updated by Terraformer.


Starboard kubernetes-native security toolkit

  • aquasecurity/starboard Kubernetes-native security toolkit. Starboard is a completely open source tool that integrates with other security tools to scan your workloads and make security reports accessible through the Kubernetes API - K8s all the way 🚀


  • nicolaka/netshoot a Docker + Kubernetes network troubleshooting swiss-army container. Purpose: Docker and Kubernetes network troubleshooting can become complex. With a proper understanding of how Docker and Kubernetes networking works and the right set of tools, you can troubleshoot and resolve these networking issues. The netshoot container has a set of powerful networking troubleshooting tools that can be used to troubleshoot Docker networking issues. Along with these tools come a set of use-cases that show how this container can be used in real-world scenarios.

The Hierarchical Namespace Controller (HNC)


  • syntasso/kratix Kratix is a framework for building Platform-as-a-Product.
  • Kratix is a framework that enables co-creation of capabilities by providing a clear contract between application and platform teams through the definition and creation of “Promises”. Using the GitOps workflow and Kubernetes-native constructs, Kratix provides a flexible solution to empower your platform team to curate an API-driven, curated, bespoke platform that can easily be kept secure and up-to-date, as well as evolving as business needs change.
  • Kratix enables platform teams to deliver a Kubernetes-native platform API, over fleets of Kubernetes clusters.
  • Kratix is deployed to a platform cluster, and uses the GitOps Toolkit to orchestrate a topology of worker clusters.


KubeOrbit. Test your app on kubernetes

Mizu API Traffic Viewer for Kubernetes

  • up9inc/mizu API traffic viewer for Kubernetes enabling you to view all API communication between microservices to help you debug and troubleshoot regressions. Think TCPDump and Wireshark re-invented for Kubernetes.



Keepass Secret

  • rene6502/keepass-secret keepass-secret is a command-line tool that converts entries from a KeePass 2.3 file into Kubernetes secrets. This tool was created to automatically create Kubernetes Secrets in CI/CD pipelines to deploy workloads to Kubernetes clusters.

Workflow Schedulers

Komodor Workflows

Azure Eraser

  • 🌟 🧹 Cleaning up images from Kubernetes nodes. Eraser is a tool that helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster

komodor workflow

Data Pipeline Workflow Schedulers

ConfigMap Reloader

  • 🌟
  • ConfigMap Reloader - Automatically reload new data from ConfigMap/Secret to deployments
    • ConfigMaps and Secrets are a way to inject environment variables and application configurations into a Pod in Kubernetes. Sometimes, and sometimes many times, we need to change the value of environment variables or configurations. For that we need to update the ConfigMap/Secret.
    • In Kubernetes, when we make changes to a ConfigMap or Secret, the new data is not automatically propagated to the pods that use that ConfigMap/Secret. We often need to restart the pods to load the new data.
    • This can be achieved using a tool called ‘Reloader’. It is a Kubernetes controller that watches the changes made to Secrets and ConfigMaps and performs rolling upgrades on pods with their associated Deployments, StatefulSets or DaemonSets. It is an open-source tool provided by Stakater, who also provide various other enterprise K8s solutions.


  • 🌟 Kluctl is the missing glue to put together large Kubernetes deployments. It allows you to declare and manage multi-environment and multi-cluster deployments. Kluctl does not have cluster-side dependencies and works out of the box.

k2tf Kubernetes YAML to Terraform HCL converter

Kubernetes Security Tools

  • PaloAltoNetworks/rbac-police RBAC-police is a CLI tool that lets you evaluate the RBAC permissions of service accounts, pods and nodes in Kubernetes clusters through policies written in Rego
  • m9sweeper/m9sweeper m9sweeper is a complete kubernetes security platform that wraps trivy, project falco, kube-bench, kube-hunter, kubesec, and OPA Gatekeeper into one easy to manage user interface.
  • Creates OAuth clients in Keycloak and creates corresponding secrets in kubernetes


  • purelb/purelb PureLB - is a Service Load Balancer for Kubernetes. PureLB is a load-balancer orchestrator for Kubernetes clusters. It uses standard Linux networking and routing protocols, and works with the operating system to announce service addresses.




Konf Lightweight Kubeconfig Manager

  • konf is a lightweight kubeconfig manager. With konf you can use different kubeconfigs at the same time. And because it does not need subshells, konf is blazing fast!


  • k8spacket - packets traffic visualization for kubernetes. k8spacket helps to understand TCP packets traffic in your kubernetes cluster:
    • Shows traffic between workloads in the cluster
    • Informs where the traffic is routed outside the cluster
    • Displays information about closing sockets by connections

Infrastructure as Code using Kubernetes. Config Connector

  • Config Connector is an open source Kubernetes addon that allows you to manage Google Cloud resources through Kubernetes.
  • Infrastructure as Code using Kubernetes
    • Config Connector (KCC) is a solution to maintain Cloud Resources as Infrastructure as Code. It is built as an Open Source initiative and runs on Kubernetes clusters. As such, it leverages YAML files to maintain and operate such resources.
    • Config Connector has two versions: an Add-On for Google Kubernetes Engine (GKE) clusters and a manual installation for other Kubernetes distributions.

Claudie Cloud-agnostic managed Kubernetes

  • Claudie is a platform for managing multi-cloud Kubernetes clusters with each node pool in a different cloud provider

Observability Monitoring Tools

  • KubernOcular is a free, open-source tool which harnesses the power of Prometheus and the Kubernetes-Client Node API to give developers an insightful and holistic view of Kubernetes clusters.
  • This application “pings” websites every few minutes. It can be used to keep the application alive on e.g. or
  • vladimirvivien/ktop A top-like tool for your Kubernetes clusters
  • ClusterWatch provides a visualization of the Kubernetes cluster architecture with detailed descriptions and stats. It also offers real-time metrics data, presented via Grafana charts, and built-in support for Prometheus and alerts.

Debugging and Troubleshooting Tools

  • kubectl-debug is a tool that lets you debug a target container in a Kubernetes cluster by automatically creating a new, non-invasive, ‘debug’ container in the same PID, network, user, and IPC namespace as the target container without any disruption
  • A simple tool, written in Go, to check that your cluster is on a supported version. k8f is a command line tool to find, list, connect and check versions for kubernetes clusters. With k8f you can connect at once to all clusters tagged as “AWS” or find a specific cluster in your kubeconfig.
  • Validkube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security
  • A service for better network visibility for your Kubernetes clusters. kube-iptables-tailer is a service that gives you better visibility on networking issues in your Kubernetes cluster by detecting the traffic denied by iptables and surfacing corresponding information to the affected Pods via Kubernetes events.
  • Network traffic capture in AKS Windows Nodes


  • Badrobot is a Kubernetes Operator audit tool. It statically analyses manifests for high-risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated ClusterRole.
  • infrahq/infra 🌟 Infra enables you to discover and access infrastructure (e.g. Kubernetes, databases). It helps you connect an identity provider such as Okta or Azure Active Directory, and map users/groups with the permissions you set to your infrastructure. Infra provides authentication and access management to servers, clusters, and databases

Develop microservices locally while being connected to your Kubernetes environment

AI Tools

