Kubernetes Plugins, Tools, Extensions and Projects

  1. Introduction
  2. K8s Tools
  3. Clusternet
  4. Open Cluster Management
  5. Penetration Testing Tools
  6. Deckhouse Kubernetes Platform
  7. KubeIP (GKE)
  8. Porter
  9. Datree. Quality Checks for Kubernetes YAMLs
  10. Kaniko Build Images in Kubernetes without docker
  11. Shipwright Framework for Building Container Images on Kubernetes
  12. BuildKit CLI for kubectl
  13. Buildpacks vs Dockerfiles
  14. Kubevela
  15. Pixie. Instantly troubleshoot applications on Kubernetes
  16. Dekorate. Generate k8s manifests for java apps
  17. Kubesploit
  18. Kubeshop
  19. Monokle
  20. KubeLibrary
  21. kube-vip
  22. Kubermetrics
  23. Kustomizer
  24. MetalLB
  25. Kubermatic Kubernetes Platform
    1. Kubermatic Kubeone
  26. Usernetes
  28. Popeye
  29. kbrew
  30. KubExplorer
  31. Kubescape
  32. Kubectl Connections
  33. Benchmark Operator
  34. Source-To-Image (S2I)
  35. VMware Tanzu Octant
  36. Qovery Engine
  37. mck8s Container orchestrator for multi-cluster Kubernetes
  38. Shipwright framework
  39. Schiff (Deutsche Telekom)
  40. NetMaker
  41. AWS Karpenter kubernetes Autoscaler
  42. Kuby (easy deployments of Ruby Rails App)
  43. Direktiv
  44. Jabos
  45. Pleco
  46. Mesh-kridik
  47. kubewatch
  48. Botkube
  49. Robusta
  50. Soup GitOps Operator
  51. Epinio
  52. Testkube
  53. KuberLogic
  54. Kusk
  55. Azure AD Workload Identity
  56. Kubernate
  57. Tackle
  58. Azure Placement Policy Scheduler Plugins
  59. Azure AAD Pod Identity
  60. MicroShift
  61. kubefwd (Kube Forward)
  62. Kpng. Kubernetes Proxy NG
  63. Auto-portforward (apf)
  64. gardener/Terraformer
  65. Werf
  66. Starboard kubernetes-native security toolkit
  67. Netshoot
  68. The Hierarchical Namespace Controller (HNC)
  69. Kratix
  70. gRPC-Gateway
  71. KubeOrbit. Test your app on kubernetes
  72. Mizu API Traffic Viewer for Kubernetes
  73. vcluster
  74. Kateyes
  75. Keepass Secret
  76. Workflow Schedulers
    1. Komodor Workflows
  77. Azure Eraser
  78. Data Pipeline Workflow Schedulers
  79. ConfigMap Reloader
  80. Infra
  81. Kluctl
  82. k2tf Kubernetes YAML to Terraform HCL converter
  83. Kubernetes Security Tools
  84. PureLB
  85. Murre
  86. k9s
  87. Pluto
  88. Konf Lightweight Kubeconfig Manager
  89. K8spacket
  90. Infrastructure as Code using Kubernetes. Config Connector
  91. Claudie Cloud-agnostic managed Kubernetes
  92. Observability Monitoring Tools
    1. Debugging and Troubleshooting Tools
  93. Security
  94. Tweets
  95. Videos


K8s Tools

  • Download Kubernetes 🌟 An easier way to get the binaries you need
  • ramitsurana/awesome-kubernetes: Tools 🌟
  • VMware octant A web-based, highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
    • Visualize your Kubernetes workloads. Octant is an open source developer-centric web interface for Kubernetes that lets you inspect a Kubernetes cluster and its applications.
  • KSS - Kubernetes pod status on steroid
  • kubectl-tree kubectl plugin to browse Kubernetes object hierarchies as a tree
  • The Golden Kubernetes Tooling and Helpers list
  • kubech (kubectl change) Set kubectl contexts/namespaces per shell/terminal to manage multi Kubernetes cluster at the same time.
  • Kubecle is a web ui running locally that provides useful information about your kubernetes clusters. It is an alternative to Kubernetes Dashboard. Because it runs locally, you can access any kubernetes clusters you have access to
  • Permission Manager 🌟 is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW. Permission Manager is an application that enables a super-easy and user-friendly RBAC management for Kubernetes. With Permission Manager, you can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files via a nice & easy web UI.
  • Kubernetes client tools overview
  • kubectx + kubens: Power tools for kubectl 🌟🌟 Faster way to switch between clusters and namespaces in kubectl
  • go-kubectx 5x-10x faster alternative to kubectx. Uses client-go.
  • kubevious: application centric Kubernetes UI 🌟 is open-source software that provides a usable and highly graphical interface for Kubernetes. Kubevious renders all configurations relevant to the application in one place.
  • Guard is a Kubernetes Webhook Authentication server. Using guard, you can log into your Kubernetes cluster using various auth providers. Guard also configures groups of authenticated users appropriately.
  • arkade by example - Kubernetes apps, the easy way 🌟
  • Kubei is a flexible Kubernetes runtime scanner, scanning images of worker and Kubernetes nodes providing accurate vulnerabilities assessment.
  • Tubectl: a kubectl alternative which adds a bit of magic to your everyday kubectl routines by reducing the complexity of working with contexts, namespaces and intelligent matching resources.
  • Kpt: Packaging up your Kubernetes configuration with git and YAML since 2014 (Google)
  • kubernetes-common-services These services help make it easier to manage your applications environment in Kubernetes
  • k8s-job-notify Kubernetes Job/CronJob Notifier. This tool sends an alert to slack whenever there is a Kubernetes cronJob/Job failure/success.
  • kube-opex-analytics 🌟 Kubernetes Cost Allocation and Capacity Planning Analytics Tool. Built-in hourly, daily, monthly reports - Prometheus exporter - Grafana dashboard.
  • kubeletctl is a command line tool that implements kubelet’s API. Part of kubelet’s API is documented but most of it is not. This tool covers all the documented and undocumented APIs. The full list of all kubelet’s API can be viewed through the tool or this API table. What can it do?
    • Run any kubelet API call
    • Scan for nodes with opened kubelet API
    • Scan for containers with RCE
    • Run a command on all the available containers by kubelet at the same time
    • Get service account tokens from all available containers by kubelet
    • Nice printing :)
  • K8bit - the tiny Kubernetes dashboard 🌟 K8bit is a tiny dashboard that is meant to demonstrate how to use the Kubernetes API to watch for changes.
  • KUbernetes Test TooL (kuttl) 🌟
  • Portfall: A desktop k8s port-forwarding portal for easy access to all your cluster UIs 🌟
  • k8s-dt-node-labeller is a Kubernetes controller for labelling a node with devicetree properties (devicetree is a data structure for describing hardware).
  • kubedev 🌟 is a Kubernetes Dashboard that helps developers in their everyday usage
  • Kubectl SSH Proxy 🌟 Kubectl plugin to launch a ssh socks proxy and use it. This plugin aims to make your life easier when using kubectl with a cluster that’s behind a SSH bastion.
  • kubectl-images Show container images used in the cluster. Kubectl-images is a kubectl plugin that shows the container images used in the cluster. It first calls kubectl get pods to retrieve pods details and filters out the container image information of each pod then prints out the final result in a table view.
  • Access Pod Online using Podtnl A Powerful CLI that makes your pod available online without exposing a k8s service.
  • kiosk: Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning 🌟 Kubernetes is designed as a single-tenant platform, which makes it hard for cluster admins to host multiple tenants in a single cluster. Kiosk extends Kubernetes for multi-tenancy. The core idea is to use Kubernetes namespaces as isolated workspaces.
  • asdf-kubectl kubectl plugin for asdf version manager. asdf-vm is a CLI tool that can manage multiple language runtime versions on a per-project basis. It is like gvm, nvm, rbenv & pyenv (and more) all in one! Simply install your language’s plugin!
  • k8s Spot Rescheduler is a tool that tries to reduce load on a set of Kubernetes nodes. It was designed with the purpose of moving Pods scheduled on AWS on-demand instances to AWS spot instances to allow the on-demand instances to be safely scaled down (By the Cluster Autoscaler).
  • kube-spot-termination-notice-handler is a Kubernetes DaemonSet designed to gracefully delete pods 2 minutes before an EC2 Spot Instance is terminated.
  • Polaris 🌟 helps Kubernetes users avoid common mistakes when configuring their workloads. It runs a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices, helping you avoid problems in the future.
  • kmoncon Monitoring connectivity between your kubernetes nodes.
  • Tesoro Kapitan Secrets Controller for Kubernetes. Tesoro is Kapitan Admission Controller Webhook. Tesoro allows you to seamlessly apply Kapitan secret refs in compiled Kubernetes manifests. As it runs in the cluster, it will be able to reveal embedded kapitan secret refs in manifests when applied.
  • DAST operator Dynamic application security testing (DAST) is a Kubernetes operator that leverages OWASP ZAP to make automated basic web service security testing.
  • Teleskope is a Kubernetes dashboard designed to give your devs and product managers an inside view of the cluster.
  • Introducing cdk8s+: Intent-driven APIs for Kubernetes objects Everyone hates yaml. Take that 75 lines of yaml and turn it into 45 lines of testable javascript with cdk8s+
  • KuUI (Kubernetes UI) is a simple UI that can be used to manage the configmaps/secrets of your Kubernetes cluster.
  • Deprek8ion is a set of rego policies to monitor Kubernetes APIs deprecations. It is designed to work with conftest.
  • Beetle Kubernetes multi-cluster deployment automation service.
  • vault-controller A K8s controller to manage Hashicorp Vault configuration using CRDs.
  • k8s-crash-informer is a Kubernetes controller that informs a Mattermost or Slack channel if an annotated deployment goes into crash loop.
  • Azure Arc enabled Kubernetes allows you to connect and manage external Kubernetes clusters in Azure
  • Kip, the Kubernetes Cloud Instance Provider Kip is a Virtual Kubelet provider that allows a Kubernetes cluster to transparently launch pods onto their own cloud instances. The kip pod is run on a cluster and will create a virtual Kubernetes node in the cluster.
  • Kubeletctl is a command line tool that implements kubelet’s API 🌟
  • k8s-node-label-monitor: Kubernetes Node Label Monitor provides a custom Kubernetes controller for monitoring and notifying changes in the label states of Kubernetes nodes (labels added, deleted, or updated), and can be run either node-local or cluster-wide
  • medium: How to Validate Your Kubernetes Cluster With Sonobuoy 🌟 Run comprehensive conformance testing for your Kubernetes cluster
  • k42s is a full multinode Kubernetes Vagrant cluster with a real load balancer
  • Pluto is a cli tool to help discover deprecated apiVersions in Kubernetes 🌟 Find Kubernetes resources that have been deprecated
  • Switchboard is a tool that manages DNS zones and their A/CNAME records for arbitrary backends. It runs as Kubernetes controller and watches for custom resources DNSZone and DNSRecord.
  • Kubernetes Deployment Builder 🌟🌟
  • ktx 🌟 Managing kubeconfig files can become tedious when you have multiple clusters and contexts to switch between. ktx aims to reduce friction caused by switching between various configurations.
  • k8s-alert is a simple and lightweight alerting tool for Kubernetes.
  • Arktos is an open source cluster management system designed for large scale clouds. It is evolved from the open source Kubernetes v1.15 codebase with some fundamental improvements.
  • kube-exec 🌟 is a library similar to os/exec that allows you to run commands in a Kubernetes pod, as if that command was executed locally. It is inspired from go-dexec, which does the same thing, but for a Docker engine.
  • identity-server Identity Server implements a Kubernetes “whoami” service.
  • Kubermatic Kubernetes Platform 🌟 is an open source project to centrally manage the global automation of Kubernetes clusters across multicloud, on-prem and edge with unparalleled density and resilience.
  • The Kubernetes Goat is a project designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
  • kubefs lets you mount kubernetes’s metadata object store as a file system
  • DAST Operator (Dynamic application security testing) is a Kubernetes operator that leverages OWASP ZAP to make automated basic web service security testing
  • pangolin 🌟 is an enhanced Horizontal Pod Autoscaler for Kubernetes.
  • kubectl-isolate is a kubectl plugin to isolate a Pod from the Kubernetes Service
  • k8s-diagrams 🌟 is a collection of diagrams explaining kubernetes, extracted from our trainings, articles and talks (k8s sec, k8s intro).
  • kconmon is a Kubernetes node connectivity monitoring tool
  • helm-docs is a tool for automatically generating markdown documentation for helm charts.
  • Kubernetes Active Passive Applications is an ingenious script that combines StatefulSets and readiness probes to achieve an active-passive configuration for your Pods/apps.
  • Agorakube is a Certified Kubernetes Distribution that provides an enterprise grade solution following best practices to manage a conformant Kubernetes cluster for on-premise and public cloud providers.
  • dynamic-pv-scaler is a golang based Kubernetes application which has been created to overcome the scaling issue of Persistent Volume in Kubernetes. This can scale the Persistent Volume on the basis of threshold which you have set.
  • Sinker Imagesync enables the syncing of container images from one container registry to another. This is useful in cases where you need to mirror images that exist in a public container registry, to a private one.
  • Cluster Turndown is an automated scaledown and scaleup of a Kubernetes cluster’s backing nodes based on a custom schedule and turndown criteria.
  • Kubernetes Node Label Monitor is a Kubernetes controller for monitoring and notifying about changes to Node label states
  • kubeinit 🌟 KubeInit provides Ansible playbooks and roles for the deployment and configuration of multiple Kubernetes distributions.
  • kubergui: Kubernetes Deployment Builder🌟 quickly builds out a basic Kubernetes Deployment and Kubernetes Service YAML. Kubernetes GUI YAML generators for simple but typo-prone tasks.
  • fubectl is a tool that reduces repetitive interactions with kubectl
  • Authelia 🌟 is a Single Sign-On and Multi-Factor portal for web apps that can be installed in Kubernetes and can integrate with your ingress controller
  • k8sdeploy is a go based tool, written with the goal of creating a cli that utilizes helm and kubernetes client libraries to deploy to multiple namespaces at once.
  • kubewatch 🌟🌟
  • node-policy-webhook is a Kubernetes webhook designed to help you handle tolerations, nodeSelector and nodeAffinity.
  • kubeonoff is a simple web UI for managing Kubernetes deployments.
  • ipvs-node-controller is the kubernetes controller that solves External-IP (Load Balancer IP) issue with IPVS proxy mode.
  • kubeonoff A simple web UI for managing Kubernetes deployments. Kubeonoff is a small web UI that allows to quickly stop/start/restart pods. Basically it’s for non-developers to manage k8s objects per namespace.
  • Maistra 🌟 is an opinionated distribution of Istio designed to work with Openshift. It combines Kiali, Jaeger, and Prometheus into a platform managed according to the OperatorHub lifecycle.
  • custom-pod-autoscaler A Custom Pod Autoscaler is a Kubernetes autoscaler that is customised and user created. The Custom Pod Autoscaler framework allows easier and faster development of Kubernetes autoscalers.
  • Kubevol 🌟 allows you to audit all your Kubernetes pods for an attached volume or see all the volumes attached to each pod by a specific type (eg: ConfigMap, Secret).
  • kubectl-fuzzy 🌟 uses fzf(1)-like fuzzy-finder to do partial or fuzzy search of Kubernetes resources. Instead of specifying full resource names to kubectl commands, you can choose them from an interactive list that you can filter by typing a few characters.
  • Setec 🌟 Setec (pronounced see-tek) is a utility tool that encrypts and decrypts secrets that are managed by Bitnami’s Sealed Secrets.
  • Kompose (Kubernetes + Compose) 🌟 kompose is a tool to help users who are familiar with docker-compose move to Kubernetes. kompose takes a Docker Compose file and translates it into Kubernetes resources. kompose is a convenience tool to go from local Docker development to managing your application with Kubernetes. Transformation of the Docker Compose format to Kubernetes resources manifest may not be exact, but it helps tremendously when first deploying an application on Kubernetes.
  • 🌟 Easily deploy and manage applications on Kubernetes. Get what you want out of Kubernetes without having to write and maintain a ton of custom tooling. Deploy apps, handle requests, and hook up CI/CD, all through an intuitive web interface.
  • Kev Develop Kubernetes apps iteratively with Docker-Compose. Kev helps developers port and iterate Docker Compose apps onto Kubernetes. It understands the Docker Compose application topology and prepares it for deployment in (multiple) target environments, with minimal user input. We leverage the Docker Compose specification and allow for target-specific configurations to be applied to each component of the application stack, simply.
  • Synator Kubernetes Secret and ConfigMap synchronizer 🌟 Synator synchronize your Secrets and ConfigMaps with your desired namespaces
  • kubes 🌟 is a Kubernetes Deployment Tool. It builds the docker image, creates the Kubernetes YAML, and runs kubectl apply.
  • Kubernetes DaemonSet that enables a direct shell on each Node using SSH to localhost Learn how you can use a DaemonSet to expose an SSH shell on each node of your cluster (even if you don’t have SSH installed). I run several K8S clusters on EKS and by default do not set up inbound SSH to the nodes. Sometimes I need to get into each node to check things or run a one-off tool. Rather than update my terraform, rebuild the launch templates and redeploy brand new nodes, I decided to use kubernetes to access each node directly.
  • NS Killer A Kubernetes project to kill all namespaces living over X time. Quite useful when you auto-generate development environments on the fly and want to give them a lifecycle out-of-the-box from Kubernetes or even Helm. You might find it useful if you auto-generate development environments on the fly and want to remove old ones on a schedule.
  • kubeswitch: Kubernetes Version Switcher 🌟 Easily switch kubectl binary versions.
  • Kubeswitch (for operators) 🌟 The kubectx for operators. kubeswitch (lazy: switch) takes Kubeconfig context switching to the next level, catering to operators of large scale Kubernetes installations. Designed as a drop-in replacement for kubectx.
  • kubectl build (formerly known as kubectl-kaniko) Kubectl build mimics the kaniko executor, but performs building on your Kubernetes cluster side. This allows you to simply build your local dockerfiles remotely without leaving your cozy environment.
  • Kubei 🌟 is a vulnerabilities scanning tool that allows users to get an accurate and immediate risk assessment of their kubernetes clusters. Kubei scans all images used in a Kubernetes cluster including images of application pods and system pods
  • Shell-operator is a tool for running event-driven scripts in a Kubernetes cluster. Shell-operator provides an integration layer between Kubernetes cluster events and shell scripts.
  • sinker is a tool to sync images from one container registry to another This is useful in cases when you rely on images that exist in a public container registry, but need to pull from a private registry.
  • ecrcp aims to mimic cp command in Linux systems as closely as possible in its implementation. Consider ecrcp to be the cp equivalent to copy container images from docker hub to ECR.
  • Checkov 🌟 is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Cloudformation, Kubernetes, Serverless or ARM Templates and detects security and compliance misconfigurations.
  • Cluster Cloner 🌟 Reads the Kubernetes clusters in one location (optionally filtering by labels) and clones them into another (or just outputs JSON as a dry run), to/from AWS, GCP, and Azure.
  • kubectl-eksporter 🌟 A simple Ruby script to export k8s resources and remove a pre-defined set of fields for later import.
  • kubectl-neat 🌟 Remove clutter from Kubernetes manifests to make them more readable.
  • medium: 4 Simple Kubernetes Terminal Customizations to Boost Your Productivity
  • Move2Kube 🌟 Move2Kube is a command-line tool that accelerates the process of re-platforming to Kubernetes/Openshift. It does so by analysing the environment and source artifacts, and asking guidance from the user when required. This tool can help users migrate from Cloud Foundry and Docker Swarm to Kubernetes.
  • skopeo 🌟 Use skopeo to copy images between registries
  • junit5-kubernetes aims at using a kubernetes pod directly from your junit5 test classes.
  • Replacing ngrok with ktunnel
  • seaworthy: A CLI to verify #Kubernetes resource health !! 🌟 Post-apply check to verify your K8s resources are Seaworthy
  • kVDI A Kubernetes-native Virtual Desktop Infrastructure.
  • kcg 🌟 is a command line tool that lets you create kubeconfig files. The user can interactively choose a namespace and service account and generate a config file with token authentication that has same RBAC permissions assigned to chosen service account.
  • Compass 🌟 Quickly Pinpoint Errors in your Kubernetes Deployment.
  • kubernetes-dashboard-iam-proxy An in-browser version of aws eks get-token to enable cluster authentication using IAM for the Kubernetes dashboard.
  • Gitkube 🌟 is a tool for building and deploying Docker images on Kubernetes using git push. After a simple initial setup, users can simply keep git push-ing their repos to build and deploy to Kubernetes automatically.
  • version-checker is a Kubernetes utility for observing the current versions of images running in the cluster, as well as the latest available upstream. These checks get exposed as Prometheus metrics to be viewed on a dashboard, or to soft alert cluster operators.
  • Descheduler for Kubernetes 🌟 -> Balance your Kubernetes cluster
  • kubediff 🌟 is a tool for Kubernetes to show you the differences between your running configuration and your version controlled configuration.
  • awslabs/karpenter Karpenter is a metrics-driven autoscaler built for Kubernetes and can run in any Kubernetes cluster anywhere. It’s performant, extensible, and can autoscale anything that implements the Kubernetes scale subresource.
  • ekglue - Envoy/Kubernetes glue ekglue is a project that facilitates connecting Kubernetes and Envoy, allowing Envoy to read Kubernetes services and endpoints as clusters (via CDS) and endpoints (via EDS).
  • salesforce/Craft CRAFT helps you to create Kubernetes Operators in a robust and generic way for any resource, letting developers focus on CRUD operations of resource management in a Dockerfile.
  • hyscale 🌟 HyScale takes a declarative definition of your service config and it generates Dockerfile, Container Image, Kubernetes Manifests (YAMLs) and deploys to any Kubernetes Cluster.
  • kubectl-reap is a kubectl plugin that deletes unused Kubernetes resources 🌟
  • KubeLinter 🌟 is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
  • KRD: Kubernetes Reference Deployment krd offers a reference for deploying a Kubernetes cluster. Its ansible playbooks allow to provision a deployment on Bare-metal or Virtual Machines
  • kubeshell is a command line tool to interactively shell in to (and out of) kubernetes pods.
  • k8s-harness 🌟 lets you create a disposable Kubernetes cluster with vagrant and Ansible to test your app in a prod-like environment.
  • Secret backup operator is an operator designed to backup secrets on a Kubernetes cluster. Backup happens when secrets are modified.
  • DevNation: 10 awesome kubernetes tools every user should know
  • HyScale 🌟 takes a declarative definition of your service config and it generates Dockerfile, Container Image, Kubernetes Manifests (YAMLs) and deploys to any Kubernetes Cluster
  • kube-fledged is a kubernetes add-on for creating and managing a cache of container images directly on the worker nodes of a kubernetes cluster. It allows a user to define a list of images and onto which worker nodes those images should be cached (i.e. pre-pulled). As a result, application pods start almost instantly, since the images need not be pulled from the registry.
  • Tagger keeps references to externally hosted Docker images internally in a Kubernetes cluster by mapping their tags (such as latest) into their references by hash
  • helm-ecr 🌟 is a Helm plugin that supports installing Charts from AWS ECR.
  • PipeCD is a continuous delivery system for declarative Kubernetes, Serverless, and Infrastructure applications.
  • kubecolor 🌟 colorises your kubectl output
  • kubectl-sudo This plugin allows users to run kubernetes commands with the security privileges of another user.
  • kfilt is a tool that lets you filter specific resources from a stream of Kubernetes YAML manifests. It can read manifests from a file, URL, or from stdin.
  • k8s-mirror: Creates a local mirror of a kubernetes cluster in a docker container to support offline reviewing 🌟
  • kube-secret-syncer 🌟 is a Kubernetes operator developed using the Kubebuilder framework that keeps the values of Kubernetes Secrets synchronised to secrets in AWS Secrets Manager.
  • kapp 🌟 is a CLI that calculates changes between your configuration and live cluster state and applies changes you approve.
  • Break down the barriers between development, testing, and CI. Use the same workflows and production-like Kubernetes environments at every step of the process
  • pvc-autoresizer resizes PersistentVolumeClaims (PVCs) when the free amount of storage is below the threshold. It queries the volume usage metrics from Prometheus that collects metrics from kubelet.
  • sKan is a tailor made Kubernetes configuration files and resources scanner that enables developers and devops team members to check whether their work is compliant with security & ops best practices
  • Kubernetes Node Auto Labeller
  • Kube_query Use kubectl but on all of the available k8s clusters available in the kubeconfig file. Currently will query only AWS EKS clusters.
  • kubernetes-event-exporter 🌟 This tool allows exporting the often missed Kubernetes events to various outputs so that they can be used for observability or alerting purposes. You won’t believe what you are missing.
  • Kubeconform 🌟 is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration using the schemas from kubernetes-json-schema. Similar to Kubeval, but with the following improvements:
    • High performance
    • Remote or local schemas locations
    • Up-to-date schemas for all recent versions of Kubernetes
  • Kubernetes Janitor cleans up (deletes) Kubernetes resources on a configured TTL (time to live) or a configured expiry date (absolute timestamp).
  • kube-batch is a batch scheduler for Kubernetes, providing mechanisms for applications which would like to run batch jobs leveraging Kubernetes. A batch scheduler of kubernetes for high performance workload, e.g. AI/ML, BigData, HPC
  • slipway: A Kubernetes controller to automate gitops provisioning
  • dnsconfig-injector - Mutating Admission Webhook for dnsconfig pod injection
  • kubectl-view-webhook 🌟 Visualize your webhook configurations in Kubernetes.
  • ContainerSSH: Launch containers on demand 🌟🌟 ContainerSSH launches a new container for each SSH connection in Kubernetes, Podman or Docker. The user is transparently dropped in the container and the container is removed when the user disconnects. Authentication and container configuration are dynamic using webhooks, no system users required.
  • Kubei – Kubernetes Runtime Vulnerabilities Scanner 🌟
  • Lockbox: Offline encryption of Kubernetes Secrets Lockbox is a secure way to store Kubernetes Secrets offline. Secrets are asymmetrically encrypted, and can only be decrypted by the Lockbox Kubernetes controller. A companion CLI tool, locket, makes encrypting secrets a one-step process.
  • openshift: Introducing kube-burner, A tool to Burn Down Kubernetes and OpenShift 🌟 Kube-burner is a tool designed to stress different OpenShift components basically by coordinating the creation and deletion of k8s resources. Along this blog series we’ll talk about how to use it in OpenShift 4.
  • kube-ebpf-exporter 🌟 Prometheus exporter for custom eBPF metrics.
  • qontract qontract (Queryable cONTRACT) is a collection of tools used by SREs to expose available managed services to application developer teams.
  • sheaf Manages bundles of Kubernetes components. sheaf is a tool that can create a bundle of Kubernetes components. It can generate an archive from the bundle that can be distributed for use in Kubernetes clusters. The initial idea was inspired by CNAB. It answers the question: how can I distribute Kubernetes manifests with their associated images?
  • CNABs facilitate the bundling, installing and managing of container-native apps - and their coupled services
  • Secure Access to Kubernetes From Your Pipeline
  • openpitrix 🌟 Application Management Platform on Multi-Cloud Environment. OpenPitrix is a web-based open-source system to package, deploy and manage different types of applications including Kubernetes application, microservice application and serverless applications into multiple cloud environment such as AWS, Azure, Kubernetes, QingCloud, OpenStack, VMWare etc.
  • kube-burner 🌟 Kube-burner is a tool aimed at stressing kubernetes clusters.
  • gimletd - the GitOps release manager GimletD acts as a release manager and detaches the release workflow from CI. By doing so, it unlocks the possibility of advanced release logics and flexibility to refactor workflows.
  • kubectl skew 🌟 A simple kubectl plugin to show if your kubernetes/kubectl version is “skewed”. In kubernetes, version skew policy is a bit confusing, especially for beginners. However, it is important to make sure you are always following the policy because using unsupported cluster/kubectl is problematic and even dangerous.
  • Offline encryption of Kubernetes Secrets. Lockbox is a secure way to store Kubernetes Secrets offline. Secrets are asymmetrically encrypted, and can only be decrypted by the Lockbox Kubernetes controller. A companion CLI tool, locket, makes encrypting secrets a one-step process.
  • Suspicious pods 🌟 Prints a list of k8s pods that might not be working correctly
  • Armada A multi-cluster batch queuing system for high-throughput workloads on Kubernetes. Armada is an application to achieve high throughput of run-to-completion jobs on multiple Kubernetes clusters. It stores queues for users/projects with pod specifications and creates these pods once there is available resource in one of the connected Kubernetes clusters.
  • Ko: Easy Go Containers 🌟 Build and deploy Go applications on Kubernetes
  • Kubetail 🌟 Bash script to tail Kubernetes logs from multiple pods at the same time
    • Stern 🌟 Multi pod and container log tailing for Kubernetes. Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging – Friendly fork of
  • kubestr 🌟 Explore your Kubernetes storage options. Kubestr is a collection of tools to discover, validate and evaluate your kubernetes storage options.
  • KubeEye: An Automatic Diagnostic Tool that Provides a Holistic View of Your Kubernetes Cluster 🌟
  • k8gb 🌟 A cloud native Kubernetes Global Balancer
  • k8s-image-swapper 🌟 Mirror images into your own registry and swap image references automatically.
  • RBACSync 🌟 Automatically sync groups into Kubernetes RBAC. RBACSync provides a Kubernetes controller to synchronize RoleBindings and ClusterRoleBindings, used in Kubernetes RBAC, from group membership sources using consolidated configuration objects.
  • Saffire a controller to override image sources in the event that an image cannot be pulled. The intent of saffire is to provide operators with a method of automatically switching image repositories when imagePullErrors occur.
  • Cluster API Provider for Managed Bare Metal Hardware This repository contains a Machine actuator implementation for the Kubernetes Cluster API for managing bare metal hardware - Bare metal host provisioning for kubernetes
  • Kubernetes: 6 open source tools to put your cluster to the test The Kubernetes ecosystem includes an ever-growing number of tools and services you can plug in: Let’s look at six useful tools for putting your Kubernetes cluster and applications to the test.
  • kubectl-node-restart 🌟 Krew plugin to restart Kubernetes Nodes sequentially and gracefully
  • k8s-platform-lcm: Kubernetes platform lifecycle management 🌟 A faster and easier way to manage the lifecycle of applications and tools, running and living around your Kubernetes platform. Kubernetes platform lifecycle management helps you keep track of all your software and tools that are used or running in and around your Kubernetes platform.
  • Nebula A scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world.
  • kube-bench Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • kube-bench-exporter Helps you to export your kube-bench reports to multiple targets like Amazon S3 buckets with ease.
  • Karmada Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds, with no changes to your applications. By speaking Kubernetes-native APIs and providing advanced scheduling capabilities, Karmada enables truly open, multi-cloud Kubernetes.
  • kube-secrets-init Kubernetes mutating webhook for secrets-init injection
  • liqo: Enable dynamic and seamless Kubernetes multi-cluster topologies Building your endless Kubernetes ocean. Enable dynamic and seamless Kubernetes multi-cluster topologies. Liqo is a platform to enable dynamic and decentralized resource sharing across Kubernetes clusters, either on-prem or managed. Liqo allows to run pods on a remote cluster seamlessly and without any modification of Kubernetes and the applications. With Liqo it is possible to extend the control plane of a Kubernetes cluster across the cluster’s boundaries, making multi-cluster native and transparent: collapse an entire remote cluster to a virtual local node, by allowing workloads offloading and resource management compliant with the standard Kubernetes approach.
  • redhat-certification: chart-verifier: Rules based tool to certify Helm charts 🌟
  • helm-changelog: Create changelogs for Helm Charts, based on git history
  • 🌟🌟 Ingress Builder allows users to select any annotation from the list of available controllers, to add to the ingress manifest.
  • Jetstack Secure Agent 🌟🌟 Automatically perform Kubernetes cluster configuration checks using Open Policy Agent (OPA)
  • Replicated Troubleshoot 🌟 Troubleshoot is a framework for collecting, redacting, and analyzing highly customizable diagnostic information about a Kubernetes cluster.
  • 🌟 A kubectl plugin to show out-of-date images running in a cluster.
  • kubestriker 🌟 A Blazing fast Security Auditing tool for Kubernetes. Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation.
  • KubeEye 🌟 KubeEye aims to find various problems on Kubernetes, such as application misconfiguration, unhealthy cluster components and node problems.
  • Analyze Kubernetes Audit logs using Falco 🌟 Detect intrusions that happened in your Kubernetes cluster through audit logs using Falco
  • KubeHelper KubeHelper - simplifies many daily Kubernetes cluster tasks through a web interface. Search, analysis, run commands, cron jobs, reports, filters, git synchronization and many more.
  • kubewebhook Go framework to create Kubernetes mutating and validating webhooks
  • kaDalu A lightweight Persistent storage solution for Kubernetes / OpenShift using GlusterFS in background. Kadalu is a project which started as an idea to make glusterfs’s deployment and management simpler in kubernetes
  • 🌟 A tool that accelerates the process of re-hosting / re-platforming virtual machines to Kubernetes and KubeVirt. It does so by mapping resources (network and storage), creating equivalent resources in the target, and converting disk images.
    • Migrate virtual machines to Kubernetes with this new tool - forklift 🌟 Transition your virtualized workloads to Kubernetes with Forklift.
    • konveyor 🌟 is an open source project that helps transition existing workloads (development, test, and production) to Kubernetes. Its tools include Crane, to move containers from one Kubernetes platform to another; Move2Kube, to bring workloads from Cloud Foundry to Kubernetes; and Tackle, to analyze Java applications to modernize them by making them more standard and portable for the runtimes available in containerized platforms like Kubernetes.
  • go-containerregistry 🌟 Go library and CLIs for working with container registries
  • kubebox Terminal and Web console for Kubernetes
  • skooner - Kubernetes Dashboard Simple Kubernetes realtime dashboard and management
  • Polaris: Best Practices for Kubernetes Workload Configuration 🌟 Validation of best practices in your Kubernetes clusters - What is Fairwinds’ Polaris? Kubernetes Open Source Configuration Validation
  • Krane 🌟 is a Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition.
  • KTail: Kubernetes log viewer 🌟 KTail allows you to tail multiple pods in one view. It automatically detects updates and attaches to new pods. Configurable highlighters show how often regular expressions matched and let you quickly navigate in the results.
  • Manifesto 🌟 allows you to create an application structure to facilitate easy deployment to kubernetes. Jsonnet is used to create the underlying application structure, manifesto manipulates this structure to produce manifests.
  • SigNoz: Open source Application Performance Monitoring (APM) & Observability tool 🌟 SigNoz helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc.
  • port-map-operator LoadBalancer Service type implementation for home clusters via Port Control Protocol.
  • Raspbernetes - Kubernetes Cluster: k8s-gitops Kubernetes cluster managed by GitOps - Git as a single source of truth, automated pipelines, declarative everything, next-generation DevOps. This repo is a declarative implementation of a Kubernetes cluster. It’s using the GitOps Toolkit known as Fluxv2. The goal is to demonstrate how to implement enterprise-grade security, observability, and overall cluster config management using GitOps in a Kubernetes cluster.
  • Kpexec kpexec is a kubernetes cli that runs commands in a container with high privileges.
  • OpenShiftKubeAudit An auditing program to detect incompatibilities in Kubernetes manifests brought over to OpenShift. This auditing tool currently only supports Kubernetes manifests, but we plan to expand it to include Helm charts and Go code, as well. The tool is in very early stages, but is looking for community input to help add use cases.
  • Kubernetes Kpt in The Wild: What it is and how to use it 🌟 Kubernetes Kpt is tooling by Google that facilitates a structured approach to defining, managing, and distributing kubernetes templates between teams and orgs.
  • RollingUpgrade Reliable, extensible rolling-upgrades of Autoscaling groups in Kubernetes
  • Kerbi 🌟 Kerbi (Kubernetes Embedded Ruby Interpolator) is yet another templating engine for generating Kubernetes resource manifests. It enables multi-strategy, multi-source templating, giving you the freedom to design highly specialized templating pipelines.
  • Kourier Purpose-built Knative Ingress implementation using just Envoy with no additional CRDs. Kourier is an Ingress for Knative Serving. Kourier is a lightweight alternative for the Istio ingress as its deployment consists only of an Envoy proxy and a control plane for it.
  • space-cloud: Develop, Deploy and Secure Serverless Apps on Kubernetes. Open source Firebase + Heroku to develop, scale and secure serverless apps on Kubernetes - Space Cloud is a Kubernetes based serverless platform that provides instant, realtime APIs on any database, with event triggers and unified APIs for your custom business logic.
  • Comparing Modern-Day Container Image Builders: Jib, Buildpacks and Docker 🌟
  • Teleport 🌟 Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
  • weaveworks: kured - Kubernetes Reboot Daemon 🌟 - One year kured - your Kubernetes Reboot Daemon Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS. Many rely on Kured, which helps perform safe automatic node reboots when indicated by the package management of the underlying OS, to help make OS security better.
  • k8s-cluster-simulator Kubernetes cluster simulator for evaluating schedulers.
  • kubelogin 🌟 kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)
  • kube-oidc-proxy Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
    • Updating kube-oidc-proxy Kubernetes offers multiple ways to authenticate users to the API server. The best way to go, when available, is to use OpenID Connect (OIDC). We’ve talked about why you shouldn’t use certificates for kubernetes authentication, but most cloud providers won’t let you configure the API server flags needed to integrate managed clusters into an OIDC identity provider.
  • KubeSurvival 🌟 Significantly reduce Kubernetes costs by finding the cheapest machine types that can run your workloads
  • K8s Vault Webhook 🌟 - github: k8s-vault-webhook A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
  • cf-for-k8s The open source deployment manifest for Cloud Foundry on Kubernetes. cf-for-k8s blends the popular CF developer API with Kubernetes, Istio, and other open source technologies. The project aims to improve developer productivity for organizations using Kubernetes
  • tekline 🌟 tekline is a tekton delegated-pipeline to enable a bring-your-own pipeline configuration.
  • nerdctl 🌟 Docker-compatible CLI for containerd
  • El Carro: The Oracle Operator for Kubernetes 🌟 El Carro is a new project that offers a way to run Oracle databases in Kubernetes as a portable, open source, community driven, no vendor lock-in container orchestration system. El Carro provides a powerful declarative API for comprehensive and consistent configuration and deployment as well as for real-time operations and monitoring.
  • jspolicy jsPolicy is an operator that helps you define Kubernetes Policies using JavaScript or TypeScript. Easier & Faster Kubernetes Policies using JavaScript or TypeScript.
  • k8scr 🌟 A kubectl plugin for pushing OCI images through the Kubernetes API server.
  • jsonnet-controller A fluxcd controller for managing manifests declared in jsonnet.
  • rback: RBAC in Kubernetes visualizer 🌟🌟 A simple “RBAC in Kubernetes” visualizer. No matter how complex the setup, rback queries all RBAC related information of a Kubernetes cluster in constant time and generates a graph representation of service accounts, (cluster) roles, and the respective access rules in dot format.
  • github: Kubernetes JSON Schemas 🌟 Schemas for every version of every object in every version of Kubernetes
  • kcp: a prototype of a Kubernetes API server that is not a Kubernetes cluster - a place to create, update, and maintain Kube-like APIs with controllers above or without clusters Kubernetes is mainly known as a container orchestration platform today, but we believe it can be even more. With the power of CustomResourceDefinitions, Kubernetes provides a flexible platform for declarative APIs of all types, and the reconciliation pattern common to Kubernetes controllers is a powerful tool in building robust, expressive systems. At the same time, a diverse and creative community of tools and services has sprung up around Kubernetes APIs. Imagine a declarative Kubernetes-style API for anything, supported by an ecosystem of Kubernetes-aware tooling, separate from Kubernetes-the-container-orchestrator. That’s kcp.
  • Metacontroller Metacontroller is an add-on for Kubernetes that makes it easy to write and deploy custom controllers in the form of simple scripts.
  • KubeCarrier - Service Management at Scale KubeCarrier is an open source system for managing applications and services across multiple Kubernetes Clusters; providing a framework to centralize the management of services and provide these services with external users in a self service hub.
  • NFS Ganesha server and external provisioner NFS Ganesha Server and Volume Provisioner. nfs-ganesha-server-and-external-provisioner is an out-of-tree dynamic provisioner for Kubernetes 1.14+. You can use it to quickly & easily deploy shared storage that works almost anywhere.
  • Armada kubectl plugin 🌟 Command line tools to manage kustomize packaged apps deployment. Armada is a Kubectl plugin that adds templating capacity and manages deployment of Kustomize apps. Templating uses go template to allow you to generate kustomize apps with templates inside. Armada allows you to git clone a packaged kustomize base and call it with the help of a config file.
  • Minnaker Minnaker is a simple way to install Spinnaker inside a VM. Spinnaker on Lightweight Kubernetes (K3s)
  • kVDI A Kubernetes-native Virtual Desktop Infrastructure
  • Kubesurveyor 🌟 Good enough Kubernetes namespace visualization tool. No provisioning to a cluster required, only the Kubernetes API is scraped.
  • NVIDIA k8s-device-plugin NVIDIA device plugin for Kubernetes. The NVIDIA device plugin for Kubernetes is a Daemonset that allows you to automatically: Expose GPUs on each node of your cluster, Keep track of the health of your GPUs, Run GPU enabled containers.
  • kubectl-tmux-exec A kubectl plugin to control multiple pods simultaneously using Tmux
  • grype: a vulnerability scanner for container images and filesystems
  • KubeView 🌟 Kubernetes cluster visualiser and graphical explorer. KubeView displays what is happening inside a Kubernetes cluster (or single namespace), it maps out the API objects and how they are interconnected. Data is fetched real-time from the Kubernetes API. The status of some objects (Pods, ReplicaSets, Deployments) is colour coded red/green to represent their status and health
  • karma 🌟 Alert dashboard for Prometheus Alertmanager
  • Rancher Desktop 🌟 Kubernetes and container management to the desktop. Rancher Desktop is an open-source project to bring Kubernetes and container management to the desktop. Windows and macOS versions of Rancher Desktop are available for download.
  • realvz/awesome-eks: A curated list of awesome tools for Amazon EKS 🌟
  • salesforce/Sloop - Kubernetes History Visualization 🌟 Sloop monitors Kubernetes, recording histories of events and resource state changes and providing visualizations to aid in debugging past events.
  • scalabledelivery/init-sync Sidecar for securely copying directory for statefulsets. A sidecar container and initContainer for securely copying a directory between pods in StatefulSets.
  • Kspan - Turning Kubernetes Events into spans 🌟 Most Kubernetes components produce Events when something interesting happens. This program turns those Events into OpenTelemetry Spans, joining them up by causality and grouping them together into Traces.
  • csi-rclone: CSI rclone mount plugin CSI driver for rclone. This project implements Container Storage Interface (CSI) plugin that allows using rclone mount as storage backend. Rclone mount points and parameters can be configured using Secret or PersistentVolume volumeAttributes.
  • Top 9 Open Source DevSecOps Tools for Kubernetes in 2021 🌟 Anchore, Checkov, Clair, Falco, Kube-bench, Kube-hunter, KubeLinter, Open Policy Agent (OPA), Terrascan
  • Kdo: deployless development on Kubernetes 🌟 Kdo is a command line tool that enables developers to run, develop and test code changes in a realistic deployed setting without having to deal with the complexity of Kubernetes deployment and configuration.
  • chekr An inspection utility for the maintenance of Kubernetes clusters.
  • KUR8 🌟 A visual overview of Kubernetes architecture and Prometheus metrics. KUR8 is an open-source Kubernetes analytics, monitoring, and visualizer web application that allows for querying, alerts, and creating custom charts and graphs that leverage Prometheus and its time logged series database metrics.
  • mperezco/forklift-configmap-service Systemd service to run in VMs on KubeVirt to mount ConfigMaps
  • cdk8s Define Kubernetes native apps and abstractions using object-oriented programming
  • Havener Think of it as a swiss army knife for Kubernetes tasks.
  • KFServing 🌟 Serverless Inferencing on Kubernetes. KFServing provides a Kubernetes Custom Resource Definition for serving machine learning (ML) models on arbitrary frameworks. It aims to solve production model serving use cases by providing performant, high abstraction interfaces for common ML frameworks like Tensorflow, XGBoost, ScikitLearn, PyTorch, and ONNX.
  • rkubelog 🌟 Send k8s Logs to Papertrail and Loggly Without DaemonSets (for Nodeless Clusters) - dzone: ContainerD Kubernetes Syslog Forwarding Move from Logspout to Filebeat to support containerd logging architecture.
  • kubernetes-sigs: Trimaran: Load-aware scheduling plugins 🌟 Trimaran is a collection of load-aware scheduler plugins - IBM, Red Hat Bring Load-Aware Resource Management to Kubernetes
  • AWS Controllers for Kubernetes (ACK) 🌟 AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes
  • connaisseur An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
  • VolSync 🌟 Asynchronous data replication for Kubernetes volumes. VolSync asynchronously replicates Kubernetes persistent volumes between clusters using either rsync or rclone. It also supports creating backups of persistent volumes via restic. VolSync, a new storage-agnostic utility for exporting and importing objects from one Kubernetes namespace to another, even across clusters!
  • ketall Kubectl plugin to show really all kubernetes resources. Like kubectl get all, but get really all resources
  • kube-scheduler-simulator Web-based Kubernetes scheduler simulator
  • multus-cni 🌟 A CNI meta-plugin for multi-homed pods in Kubernetes. Multus CNI is a container network interface (CNI) plugin for Kubernetes that enables attaching multiple network interfaces to pods. Typically, in Kubernetes each pod only has one network interface (apart from a loopback) – with Multus you can create a multi-homed pod that has multiple interfaces. This is accomplished by Multus acting as a “meta-plugin”, a CNI plugin that can call multiple other CNI plugins.
  • kim - The Kubernetes Image Manager
  • KUDO: The Kubernetes Universal Declarative Operator 🌟 KUDO is a toolkit that makes it easy to build Kubernetes Operators, in most cases just using YAML.
  • K8sPurger 🌟 K8SPurger is a controller that finds all unused resources and shows them in a nice format
  • jenkins-x/gsm-controller gsm-controller is a Kubernetes controller that copies secrets from Google Secrets Manager into Kubernetes secrets. The controller watches Kubernetes secrets looking for an annotation, if the annotation is not found on the secret nothing more is done.
  • kontacts A Kubernetes directory tool for finding pods and services.
  • sciuro Alertmanager to Kubernetes Node conditions bridge. Sciuro is a bridge between Alertmanager and Kubernetes to sync alerts as Node Conditions. It is designed to work in tandem with other controllers that observe Node Conditions such as draino or the cluster-api.
  • rottencandy/vimkubectl Manage Kubernetes resources from Vim
  • carlosedp/cluster-monitoring: Cluster Monitoring stack for ARM / X86-64 platforms Cluster monitoring stack for clusters based on Prometheus Operator
  • abhirockzz/kubexpose-operator Access your Kubernetes Deployment over the Internet - Kubexpose: A Kubernetes Operator, for fun and profit! Access your Kubernetes Deployment over the Internet
  • kubernetes-reflector Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates.
  • Another Autoscaler Another Autoscaler is a Kubernetes controller that automatically starts, stops, or restarts pods from a deployment at a specified time using a cron syntax.
  • cloud-ark/kubeplus 🌟 Kubernetes Operator to deliver Helm charts as-a-service
  • cloud-ark/caastle Full-stack microservices deployment for Google Kubernetes Engine and Amazon Elastic Container Service
  • eezhee/eezhee The easiest way to build a k3s cluster on various public clouds. A super fast and easy way to create a k3s based kubernetes cluster on a variety of public clouds. Currently DigitalOcean, Linode and Vultr are supported. All it takes is a single command and about 2 minutes and your cluster is ready to use. Most of the time is taken by the cloud provider bringing up the base VM. Eezhee is ideal for development, testing or learning about Kubernetes.
  • ContainerSolutions/ImageWolf: ImageWolf - Fast Distribution of Docker Images on Clusters Fast Distribution of Docker Images on Clusters. ImageWolf is a PoC that provides a blazingly fast way to get Docker images loaded onto your cluster, allowing updates to be pushed out quicker.
  • dcherman/image-cache-daemon Image Cache Daemon is a service to pre-pull / cache images on Kubernetes before they’re needed
  • KnicKnic/temp-kubernetes-ci: Temp Kubernetes CI A github action to create a k3s kubernetes cluster in your CI VM for both linux & windows. Also has cmdline to copy and paste for other CI platforms.
  • mattmoor/warm-image: Kubernetes WarmImage CRD A Kubernetes CRD for prefetching container images onto nodes.
  • maorfr/kube-tasks: Kube tasks A tool to perform simple Kubernetes related actions. Simple Backups, Wait for Pods, Execute a command in a container.
  • tmobile/MagTape MagTape Policy-as-Code for Kubernetes. MagTape is a Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies. MagTape includes variable policy enforcement, notifications, and targeted metrics
  • vidispine/HULL - Helm Uniform Layer Library HULL (Helm Uniform Layer Library) is designed to ease building, maintaining and configuring Kubernetes objects in Helm charts.
  • hiddeco/Cronjobber Cronjobber is a cronjob controller for Kubernetes with support for time zones
  • karmab/autolabeller This repo contains a controller automatically labelling nodes based on either:
    • predefined regex rules matching node name.
    • a set of matching labels (with their associated value) present on the node.
  • kubernetes-sigs/nfs-subdir-external-provisioner: Kubernetes NFS Subdir External Provisioner Dynamic sub-dir volume provisioner on a remote NFS server. NFS subdir external provisioner is an automatic provisioner that uses your existing NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims
  • ori-edge/k8s_gateway A CoreDNS plugin to resolve all types of external Kubernetes resources. k8s_gateway is a CoreDNS plugin that resolves load balancer and external IPs from outside Kubernetes clusters and supports all types of Kubernetes external resources - Ingress, Service of type LoadBalancer.
  • viaduct-ai/kustomize-sops KSOPS - A Flexible Kustomize Plugin for SOPS Encrypted Resources
  • Using Makefiles And Envsubst As An Alternative To Helm And Ksonnet (deprecated)
  • Kubernetes Semaphore: A modular and nonintrusive framework for cross cluster communication
  • zakkg3/ClusterSecret: Kubernetes ClusterSecret operator ClusterSecret operator makes sure all the matching namespaces have the secret available. New namespaces, if they match the pattern, will also have the secret. Any change on the ClusterSecret will update all related secrets. Deleting the ClusterSecret deletes “child” secrets (all cloned secrets) too.
  • tektoncd/chains Tekton Chains is a Kubernetes Custom Resource Definition (CRD) controller that allows you to manage your supply chain security in Tekton.
  • gopaddle-io/configurator Synchronize and Version Control ConfigMaps & Secrets across Deployment Rollouts.
  • biosimulations/deployment Kubernetes Configuration for BioSimulations platform.
  • chrislusf/seaweedfs SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, local tiering, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, Hadoop, WebDAV, encryption, Erasure Coding.
  • kubernetes-sigs/kui A hybrid command-line/UI development experience for cloud-native development
  • DaspawnW/vault-crd Vault CRD for sharing Vault Secrets with Kubernetes. Vault-CRD is a custom resource definition for holding secrets that are stored in HashiCorp Vault and kept up to date with Kubernetes secrets
  • stakater/Reloader 🌟 A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig
  • dignajar/another-ldap Another LDAP is a form-based authentication for Active Directory / LDAP server. Provides Authentication and Authorization for your applications running in Kubernetes.
  • ddosify/ddosify High-performance load testing tool, written in Golang.
  • anchore/syft CLI tool and library for generating a Software Bill of Materials from container images and filesystems. Exceptional for vulnerability detection when used with a scanner tool like Grype.
  • aws/aws-node-termination-handler 🌟 Gracefully handle EC2 instance shutdown within Kubernetes
  • aelsabbahy/goss Quick and Easy server testing/validation
  • chr-fritz/csi-sshfs Kubernetes CSI Plugin for SSHFS. It allows mounting directories using an SSH connection.
  • ctrox/csi-s3 A Container Storage Interface for S3. This is a Container Storage Interface (CSI) for S3 (or S3 compatible) storage. This can dynamically allocate buckets and mount them via a fuse mount into any container.
  • codesenberg/bombardier 🌟 Fast cross-platform HTTP benchmarking tool written in Go
  • fstab/cifs CIFS Flexvolume Plugin for Kubernetes. Driver for CIFS (SMB, Samba, Windows Share) network filesystems as Kubernetes volumes.
  • Kui: CLI-driven Graphics for Kubernetes. Tired of working with Kubernetes in cli mode only? Try kui - a hybrid tool that allows you to interact with any Kubernetes cluster easily with more advanced features available only in GUI.
  • bloomberg/goldpinger 🌟 Debugging tool for Kubernetes which tests and displays connectivity between nodes in the cluster. Goldpinger makes calls between its instances to monitor your networking. It runs as a DaemonSet on Kubernetes and produces Prometheus metrics that can be scraped, visualised and alerted on.
  • haxsaw/hikaru 🌟 Move smoothly between Kubernetes YAML and Python for creating/updating/componentizing configurations. Hikaru is a tool that provides you the ability to easily shift between YAML, Python objects/source, and JSON representations of your Kubernetes config files. It provides assistance in authoring these files in Python, opens up options in how you can assemble and customise the files, and provides some programmatic tools for inspecting large, complex files to enable automation of policy and security compliance. Additionally, Hikaru allows you to use its K8s model objects to interact with Kubernetes, directing it to create, modify, and delete resources.
  • kei6u/kubectl-secret-data A kubectl plugin for finding decoded secret data with productive search flags.
  • ofek/csi-gcs Kubernetes CSI driver for Google Cloud Storage. An easy-to-use, cross-platform, and highly optimized Kubernetes CSI driver for mounting Google Cloud Storage buckets.
  • target/pod-reaper Rule based pod killing kubernetes controller. Pod-Reaper was designed to kill pods that meet specific conditions.
  • utilitywarehouse/kube-applier kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster. kube-applier is a Kubernetes deployment tool strongly following GitOps principles. It enables continuous deployment of Kubernetes objects by applying declarative configuration files from a Git repository to a Kubernetes cluster.
  • Trendyol/kink KinK is a helper CLI that facilitates managing KinD clusters as Kubernetes pods. Designed to ease clusters up for fast testing with batteries included in mind.
  • vbouchaud/k8s-ldap-auth Kubernetes webhook token authentication plugin implementation using ldap.
  • wangjia184/pod-inspector A tool to inspect pods in kubernetes. Unlike other dashboards for Kubernetes (Lens / Rancher / etc.), Kubernetes Pod Inspector allows checking the file system and processes within running Linux pods without using kubectl. This is useful when we want to check the files within volumes mounted by pods.
  • witchery-project/witchery build distroless images with alpine tools
  • knight42/kubectl-blame: kubectl-blame: git-like blame for kubectl Show who edited resource fields. A useful opensource tool that comes as a plugin to show who modified attributes in kubernetes resource fields.
  • curiefense/curiefense Curiefense extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs) and more
  • kubernetes-sigs/node-feature-discovery: Node feature discovery for Kubernetes Welcome to Node Feature Discovery – a Kubernetes add-on for detecting hardware features and system configuration!
  • arttor/helmify Creates Helm chart from Kubernetes yaml. Helmify reads a list of supported k8s objects from stdin and converts it to a helm chart. Designed to generate charts for k8s operators but not limited to. See examples of charts generated by helmify.
  • 4ARMED/kubeletmein Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers. This is a simple penetration testing tool which takes advantage of public cloud provider approaches to providing kubelet credentials to nodes in a Kubernetes cluster in order to gain privileged access to the k8s API. This access can then potentially be used to further compromise the applications running in the cluster or, in many cases, access secrets that facilitate complete control of Kubernetes.
  • patrickdappollonio/kubectl-slice Split multiple Kubernetes files into smaller files with ease. Split multi-YAML files into individual files.
  • appvia/cosign-keyless-admission-webhook Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
  • theketchio/ketch 🌟 Ketch is an application delivery framework that facilitates the deployment and management of applications on Kubernetes using a simple command line interface.
  • joyrex2001/kubedock Kubedock is a minimal implementation of the docker api that will orchestrate containers on a Kubernetes cluster, rather than running containers locally.
  • corneliusweig/konfig konfig helps to merge, split or import kubeconfig files
  • armosec/regolibrary ARMO rego library for detecting misconfigurations in Kubernetes manifests
  • groundnuty/k8s-wait-for 🌟 A simple script that allows you to wait for a k8s service, job or pods to enter a desired state
  • nabsul/k8s-ecr-login-renew: Renew Kubernetes Docker secrets for AWS ECR Renews Docker login credentials for an AWS ECR container registry.
  • particledecay/kconf Manage multiple kubeconfigs easily
  • maruina/aws-auth-manager: K8s controller to manage the aws-auth configmap A Kubernetes controller to manage the aws-auth configmap in EKS using a new AWSAuthItem CRD.
  • segmentio/kubectl-curl: Kubectl plugin to run curl commands against kubernetes pods
  • wallarm/sysbindings sysctl/sysfs settings on the fly for Kubernetes Cluster. No restarts are required for clusters and nodes.
  • atombender/ktail 🌟 ktail is a tool to easily tail Kubernetes logs. It’s like kubectl logs, but with a bunch of features to make it more convenient:
    • Detects pods and containers as they come and go
    • Tails multiple pods and containers
    • All containers are tailed by default
    • Recovers from failure
  • 🌟 vmware-tanzu/pinniped Pinniped is the easy, secure way to log in to your Kubernetes clusters.
  • keisku/kubectl-explore A better kubectl explain with the fuzzy finder. This plugin fuzzy-finds the field explanation from supported API resources. It implements different explanations for a particular API version. kubectl-explore is a kubectl plugin to fuzzy-find and explain the fields of supported API resources like “pod.spec”, “cronJob.spec.jobTemplate”, etc.
  • box/kube-exec-controller An admission controller service and kubectl plugin to handle container drift in K8s clusters. kube-exec-controller is an admission controller for handling container drift (caused by kubectl exec, attach, cp, or other interactive requests) inside a Kubernetes cluster. This project also includes a kubectl plugin for checking such Pods.
  • abahmed/kwatch 👀 monitor & detect crashes in your Kubernetes(K8s) cluster instantly. kwatch helps you monitor all changes in your Kubernetes cluster, detects crashes in your running apps in real-time, and publishes notifications to your channels (Slack, Discord, etc.) instantly.
  • cuber-cloud/cuber-gem: CUBER An automation tool that simplifies the deployment of your apps on Kubernetes.
  • kubeops/config-syncer: Config Syncer (previously Kubed) Kubernetes Config Syncer (previously kubed). Config Syncer keeps ConfigMaps and Secrets synchronized across namespaces and/or clusters
  • eldadru/ksniff 🌟 Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
  • openclarity/kubeclarity KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
  • NimbleArchitect/kubectl-ice 🌟 Cleanly list all containers in kubernetes pods including init containers and view running kubernetes information about those multi-container pods to assist in troubleshooting and information gathering. kubectl-ice is a kubectl plugin that lets you see the configuration of all pod’s containers. You can inspect volumes, images, ports and executable configurations, along with current CPU and memory metrics at the container level.
  • vmware-tanzu/k-bench 🌟 Workload Benchmark for Kubernetes. K-Bench is a framework to benchmark the control and data plane aspects of a Kubernetes infrastructure. It provides a configurable way to prescriptively create and manipulate Kubernetes resources at scale and collect the metrics.
  • k8tz/k8tz: Kubernetes Timezone Controller Kubernetes admission controller and a CLI tool to inject timezones into Pods and CronJobs
  • patrickdappollonio/tabloid: tabloid – your tabulated data’s best friend tabloid is a simple command line tool to parse and filter column-based CLI outputs from commands like kubectl or docker
  • ReallyLiri/kubescout: Kube-Scout Scout for alarming issues across your Kubernetes clusters. kubescout is a command-line tool designed to issue alerts in real-time for:
    • Pod evictions
    • Pod stuck in terminating/initializing
    • Excessive disk usage, process & inode allocation
    • Warning/errors in native logs
    • Helm failures
    • etc
  • govirtuo/kube-ns-suspender 🌟 A k8s controller that scales up and down namespaces on-demand with an embedded friendly UI and a Prometheus exporter. Inspired by kube-downscaler. Kube-ns-suspender watches namespaces and “suspends” them by scaling some of the resources to 0. Once a namespace is suspended, it will not be restarted automatically. This allows you to “reactivate” namespaces only when required and reduces costs
  • Kubernetes Downscaler 🌟 Scale down / “pause” Kubernetes workload (Deployments, StatefulSets, and/or HorizontalPodAutoscalers and CronJobs too !) during non-work hours.
  • deepfence/PacketStreamer ⭐⭐ Distributed tcpdump for cloud native environments ⭐⭐ PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence’s ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis.
  • kris-nova/kaar kaar is the Kubernetes Application Archive. kaar will:
    • Recursively iterate through every file in the path and search for valid Kubernetes YAML
    • Identify all container images referenced from the YAML
    • Archive the container images
  • mohatb/kubectl-exec kubectl-exec is a kubectl plugin that allows you to access a node. It works by creating a pod (with a privileged container) in the node you specified and using nsenter for getting a shell into your Kubernetes nodes. Works on both Linux and Windows.
  • kudobuilder/kuttl KUbernetes Test TooL (KUTTL) provides a declarative approach to test Kubernetes Operators. It is designed for testing operators, however it can declaratively test any kubernetes objects.
  • steveteuber/kubectl-graph ⭐ A kubectl plugin to visualize Kubernetes resources and relationships.
  • crazy-max/diun Diun is a CLI application written in Go and delivered as a single executable (and a Docker image) to receive notifications when a Docker image is updated on a Docker registry.
  • omrikiei/ktunnel ⭐ A cli that exposes your local resources to kubernetes. A CLI tool that establishes a reverse tunnel between a kubernetes cluster and your local machine.
  • Pixie: an X-ray Machine for Kubernetes Traffic Pixie is one of a handful of observability tools that offer eBPF or kernel-level observability. In this tutorial, you will learn how to see all of your applications’ metrics, events, logs, and traces using Pixie with Kubernetes.
  • Deploy open-source software on Kubernetes in record time ⭐ An open-source platform to build, maintain, and scale infrastructure on Kubernetes. Batteries included.
  • pan-net-security/kcount kcount counts Kubernetes objects across namespaces and clusters. It can be used as a CLI tool or as a daemon (service) exposing Prometheus metrics.
  • cloudtty/cloudtty: A Kubernetes Cloud Shell (Web Terminal) Operator A Friendly Kubernetes CloudShell (Web Terminal) !
  • jthomperoo/k8shorizmetrics k8shorizmetrics is a library that provides the internal workings of the Kubernetes Horizontal Pod Autoscaler (HPA) wrapped up in a simple API. The project allows querying metrics just as the HPA does, and also running the calculations.
  • Kube-capacity is a simple and powerful CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster. It combines the best parts of kubectl top and describe into an easy to use CLI focused on cluster resources.
  • Goldilocks is a utility that can help you identify a starting point for resource requests and limits
  • learnk8s/xlskubectl a spreadsheet to control your Kubernetes cluster. xlskubectl integrates Google Spreadsheet with Kubernetes. You can finally administer your cluster from the same spreadsheet that you use to track your expenses.
  • kingdonb/kubectl-exec-user lets you exec as a specified user into a Kubernetes container
  • upmc-enterprises/registry-creds: Registry Credentials ⭐ Allow for AWS ECR, Google Registry, & Azure Container Registry credentials to be refreshed inside your Kubernetes cluster via ImagePullSecrets
  • pymag09/kubecui kubecui makes kubectl more user friendly. This is still kubectl but enhanced with fzf. However, kubectl slows you down - requires heavy keyboard typing. In order to alleviate interaction with kubernetes API and describe the fields associated with each supported API resource directly in the Terminal, kubectl was complemented by fzf.
  • awesome-it/adeploy adeploy is a deployment tool for Kubernetes that supports the rendering and deploying of lightweight Jinja templated Kubernetes manifests and complex Helm charts
  • stakater/Forecastle Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes
  • acorn-io/acorn Acorn is a simple application deployment framework for Kubernetes:
    • One artifact across dev, test, and production
    • Simple CLI and powerful API
    • Runs on any Kubernetes cluster
  • smartxworks/knest knest: Kubernetes-in-Kubernetes Made Simple
  • smartxworks/virtink Virtink is a Kubernetes add-on for running Cloud Hypervisor virtual machines. By using Cloud Hypervisor as the underlying hypervisor, Virtink enables a lightweight and secure way to run fully virtualized workloads in a canonical Kubernetes cluster
  • inspektor-gadget/inspektor-gadget Introspecting and debugging Kubernetes applications using eBPF “gadgets”. Inspektor Gadget is a collection of tools (or gadgets) to debug and inspect Kubernetes resources and applications. It manages the packaging, deployment and execution of eBPF programs in a Kubernetes cluster, including many based on BCC tools, as well as some developed specifically for use in Inspektor Gadget. It automatically maps low-level kernel primitives to high-level Kubernetes resources, making it easier and quicker to find the relevant information.
  • toboshii/hajimari Hajimari is a beautiful & customizable browser startpage/dashboard with Kubernetes application discovery.
  • Ramilito/kubediff ⭐ Source VS Deployed. kubediff compares the local YAML resource definitions with the ones currently deployed in the cluster.
  • FairwindsOps/gonogo GoNoGo is a utility to help users determine upgrade confidence around Kubernetes cluster addons
  • pulumi/kube2pulumi Upgrade your Kubernetes YAML to a modern language
  • doitintl/kube-no-trouble: kubent ⭐⭐⭐ Easily check your clusters for use of deprecated APIs
  • resmoio/kubernetes-event-exporter Export Kubernetes events to multiple destinations with routing and filtering
  • jthomperoo/predictive-horizontal-pod-autoscaler Horizontal Pod Autoscaler built with predictive abilities using statistical models
  • Count resources by kind. kubectl-count uses the dynamic library to find server preferred resources and then leverages the informer mechanism to list and count resources by kind. You can show counts for any kind in Kubernetes and group them by namespace.
  • Kubernetes scheduler written in less than 100 lines of bash
  • ⭐ Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.
  • kubernetes-sigs/kwok Kubernetes WithOut Kubelet - Simulates thousands of Nodes and Clusters. KWOK (Kubernetes-WithOut-Kubelet) is a toolkit that enables setting up a cluster of thousands of nodes in seconds. Under the scene, all Nodes are simulated to behave like real ones, so the overall approach employs a pretty low resource footprint.
  • Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg)
  • Krateo Platformops is an open-source tool that allows users to create any desired resource on various infrastructures. It acts as a centralized control plane, allowing users to monitor and control resources.
  • A global resource download orchestration system, build your home download center.
  • A browser based remote desktop solution on kubernetes Building a cost effective and simple remote desktop solution on kubernetes using open source apache guacamole
  • kvaps/kubectl-node-shell kubectl node-shell is a krew plugin that lets you start a root shell in the node’s host
  • In this repository, you’ll find the code for storing and distributing container images using the OCI Distribution Specification. The goal of this project is to provide a simple, secure, and scalable base for building a large-scale registry solution.
  • Pipy is a programmable proxy for the cloud, edge and IoT.
  • This repository contains a Podman machine image that can run native WebAssembly container images, which only contain wasm files and no runtime
  • Watch and print changes in k8s. This tool watches kubernetes resources and prints the delta in changes.
  • ContainerSSH launches a new container for each SSH connection in Kubernetes, Podman or Docker. The user is transparently dropped in the container and the container is removed when the user disconnects.
  • Management tool for Kubernetes cluster deployment and maintenance. Kubemarine is an open-source, lightweight and powerful management tool built for end-to-end Kubernetes cluster deployment and maintenance
  • card-to-sample-YAML lets you generate a sample YAML file from a Custom Resource Definition
  • Run a Kubernetes Job and get the logs when it’s done 🏃‍♂️
  • Service Hub is a tool to create and manage a Self-Service portal for your applications using Kubernetes and Helm


  • Managing your Kubernetes clusters (including public, private, edge, etc) as easily as visiting the Internet
    • Clusternet (Cluster Internet) is a tool that helps you manage thousands of Kubernetes clusters
    • It can also help deploy and manage applications across several clusters from a single set of APIs in a single hosting cluster

Open Cluster Management

  • Make working with many Kubernetes clusters super easy regardless of where they are deployed. Open Cluster Management is a community-driven project focused on multicluster and multicloud scenarios for Kubernetes apps. Open APIs are evolving within this project for cluster registration, work distribution, dynamic placement of policies and workloads, and much more.

Penetration Testing Tools

  • What is Penetration Testing? Penetration testing is otherwise referred to as pen testing. This blog on ‘What is Penetration Testing? - Types, Phases, Tools Explained’ discusses in detail what pen testing is and how it works, the numerous tools involved in this field, and so on. This blog aims to give you an insight into pen testing and how Ethical Hackers use it for the purpose of Cyber Security. Let’s dive right in.
  • quarkslab/kdigger kdigger is a context discovery tool for Kubernetes penetration testing.
  • inguardians/peirates Peirates - Kubernetes Penetration Testing tool

Deckhouse Kubernetes Platform

  • Deckhouse: NoOps Kubernetes platform 🌟 Deckhouse is an Open Source platform for managing Kubernetes clusters in a fully automatic and uniform fashion. It allows you to create homogeneous Kubernetes clusters anywhere and fully manages them. It supplies all the add-ons you need for auto-scaling, observability, security, and service mesh. It comes in Enterprise Edition (EE) and Community Edition (CE).

KubeIP (GKE)

  • Many applications need to be whitelisted by users based on a Source IP Address. As of today, Google Kubernetes Engine doesn’t support assigning a static pool of IP addresses to the GKE cluster. Using kubeIP, this problem is solved by assigning GKE nodes external IP addresses from a predefined list. kubeIP monitors the Kubernetes API for new/removed nodes and applies the changes accordingly.
  • Many applications need to be whitelisted based on a Source IP Address.
  • Using kubeIP, you can assign external IP addresses from a predefined list to GKE nodes. kubeIP monitors the Kubernetes API for new/removed nodes and applies the changes
  • doitintl/kubeIP Assign static external IPs from predefined pool of external IP addresses to Google GKE nodes so your customers could whitelist them


  • Porter Package your application artifact, client tools, configuration and deployment logic together as a versioned bundle that you can distribute, and then install with a single command -

Datree. Quality Checks for Kubernetes YAMLs

Kaniko Build Images in Kubernetes without docker

Shipwright Framework for Building Container Images on Kubernetes

BuildKit CLI for kubectl

Buildpacks vs Dockerfiles


  • 🌟 KubeVela is a modern application platform that makes deploying and managing applications across today’s hybrid, multi-cloud environments easier and faster. KubeVela is runtime agnostic, natively extensible, yet most importantly, application-centric.
  • Intro to KubeVela: A better way to ship applications KubeVela makes deploying applications to Kubernetes much easier. Rather than knowing about service, deployment, pods, and horizontal pod scaling, you can specify a much lighter configuration.

Pixie. Instantly troubleshoot applications on Kubernetes

Dekorate. Generate k8s manifests for java apps





  • KubeLibrary KubeLibrary is a RobotFramework library for testing Kubernetes cluster


  • kube-vip is a Load-Balancer for both inside and outside a Kubernetes cluster.
  • What’s one of the biggest pains in implementing Kubernetes for on-prem? Lack of support for LoadBalancer Service. Now there’s a second project (the first is MetalLB) that provides this functionality for on-prem: kube-vip.



  • kustomizer Kustomize build, apply, prune command-line utility. Kustomizer is a command-line utility for applying kustomizations on Kubernetes clusters. Kustomizer garbage collector keeps track of the applied resources and prunes the Kubernetes objects that were previously applied on the cluster but are missing from the current revision.


Kubermatic Kubernetes Platform

Kubermatic Kubeone

  • kubermatic/kubeone 🌟 Kubermatic KubeOne automate cluster operations on all your cloud, on-prem, edge, and IoT environments.
  • How to Write Software That Sets Up Kubernetes Anywhere with Kubermatic Kubeone Kubernetes is a complex system. But installing Kubernetes doesn’t need to be hard. In this short clip, our Software Engineer Marko Mudrinić explains how to use existing tools to make tasks easier for you. He provides you with some insights on the learnings we made while creating KubeOne, an open source and infrastructure-agnostic cluster lifecycle management tool for single and HA Kubernetes clusters.



  • Popeye - A Kubernetes Cluster Sanitizer 🌟🌟 Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what’s deployed and not what’s sitting on disk. By scanning your cluster, it detects misconfigurations and helps you to ensure that best practices are in place, thus preventing future headaches. It aims at reducing the cognitive overload one faces when operating a Kubernetes cluster in the wild. Furthermore, if your cluster employs a metric-server, it reports potential resources over/under allocations and attempts to warn you should your cluster run out of capacity.
  • Top 10 Kubernetes Tools You Need for 2021 – Popeye


  • kbrew kbrew is homebrew for Kubernetes. kbrew is a CLI tool for Kubernetes which makes installing any complex stack easy in one step (And yes we are definitely inspired by Homebrew from MacOS)



Kubectl Connections

Benchmark Operator

Source-To-Image (S2I)

  • openshift/source-to-image A tool for building artifacts from source and injecting into container images. Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. No writing a bunch of YAML to build your container.

VMware Tanzu Octant

  • vmware-tanzu/octant Highly extensible platform for developers to better understand the complexity of Kubernetes clusters. Octant is a tool for developers to understand how applications run on a Kubernetes cluster. It aims to be part of the developer’s toolkit for gaining insight and approaching complexity found in Kubernetes. Octant offers a combination of introspective tooling, cluster navigation, and object management along with a plugin system to further extend its capabilities.

Qovery Engine

  • Qovery/engine: Qovery Engine 🌟 Qovery Engine is an open-source abstraction layer library that makes it easy to deploy apps on AWS, GCP, Azure, and other Cloud providers in just a few minutes. The Qovery Engine is written in Rust and takes advantage of Terraform, Helm, Kubectl, and Docker to manage resources.

mck8s Container orchestrator for multi-cluster Kubernetes

  • moule3053/mck8s mck8s, short for multi-cluster Kubernetes, allows you to automate the deployment of multi-cluster applications on multiple Kubernetes clusters by offering enhanced configuration possibilities. The main aim of mck8s is maximizing resource utilization and supporting elasticity across multiple Kubernetes clusters by providing multiple placement policies, as well as bursting, cloud resource provisioning, autoscaling and de-provisioning capabilities. mck8s builds upon other open-source software such as Kubernetes, Kubernetes Federation, kopf, serf, Cilium, Cluster API, and Prometheus.

Shipwright framework

  • shipwright-io/build: shipwright A framework for building container images on Kubernetes.
  • With Shipwright, developers get a simplified approach for building container images, by defining a minimal YAML that does not require any previous knowledge of containers or container tooling. All you need is your source code in git and access to a container registry.
  • Shipwright supports any tool that can build container images in Kubernetes clusters, such as:
    • Kaniko
    • Cloud Native Buildpacks
    • BuildKit
    • Buildah

Schiff (Deutsche Telekom)

  • telekom/das-schiff This is the home of Das Schiff - Deutsche Telekom Technik’s engine for Kubernetes Cluster as a Service (CaaS) in on-premise environments on top of bare-metal servers and VMs.


  • NetMaker Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

AWS Karpenter kubernetes Autoscaler

Kuby (easy deployments of Ruby Rails App)


  • Direktiv Serverless Container Orchestration. Direktiv is a serverless workflow and automation engine running on Kubernetes and Knative. Direktiv is the equivalent of AWS Step Functions, or Google Cloud Workflows or Alibaba Serverless Workflows. The difference between Direktiv and the cloud provider workflow engines is that Direktiv is cloud & platform agnostic, runs on kubernetes and executes containers as “plugins”.
  • Building a simple cloud-native, orchestrated microservice from containers





  • bitnami-labs/kubewatch Watch k8s events and trigger Handlers. kubewatch is a Kubernetes watcher that currently publishes notification to available collaboration hubs/notification channels. Run it in your k8s cluster, and you will get event notifications through webhooks.


  • BotKube is a messaging bot for monitoring and debugging Kubernetes clusters.


Soup GitOps Operator

  • caldito/soup Soup is a GitOps operator for Kubernetes. GitOps continuous deployment and management tool for Kubernetes focused on simplicity.


  • The Application Development Engine for Kubernetes. Epinio is how you tame the developer workflow in Kubernetes to go from Code to URL in a single step.
  • epinio/epinio Opinionated platform that runs on Kubernetes, that takes you from App to URL in one step.



  • kuberlogic Kuberlogic is an open-source product that deploys and manages software on top of the Kubernetes cluster and turns infrastructure into a managed PaaS. KuberLogic allows running managed databases and popular applications deployed on-premises or in any cloud. The solution provides API, monitoring, backups, and integration with SSO right out of the box


Azure AD Workload Identity

  • Azure/azure-workload-identity Azure AD Workload Identity uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods. It simplifies accessing Azure AD protected resources securely from Kubernetes workloads.


  • laurci/kubernate Kubernetes+Generate = Kubernate. Kubernate is a Kubernetes YAML generator that can be used as an alternative to other popular tools like Helm. Kubernate is distributed as a library and as a CLI, both working together to achieve one goal: Kubernetes as Code.


Azure Placement Policy Scheduler Plugins

  • Azure/placement-policy-scheduler-plugins This scheduler enables cluster admins to offload some configurable percentage of their workloads to spot nodes enabling them to decrease the cost of running these pods without affecting their reliability.
  • Most cloud environments today provide cluster admins with ephemeral nodes (VMs). These nodes typically cost significantly less but they offer less reliability than their regular counterparts. Cluster admins are often torn between the choice of cost and reliability because of the innate inability of the default Kubernetes scheduler to place some of a specific workload’s pods on these nodes. Having the entire workload on ephemeral nodes risks the reliability of the workload when the cloud environment stops these nodes. This scheduler enables cluster admins to offload some configurable percentage of their workloads to these nodes, enabling them to decrease the cost of running these pods without affecting their reliability.

Azure AAD Pod Identity


  • MicroShift is a research project that is exploring how OpenShift and Kubernetes can be optimized for small form factor and edge computing.
  • It requires only 2GB to run
  • You can run it as a container with Docker or Podman
  • It is a very trimmed version of OpenShift without many features

kubefwd (Kube Forward)

  • txn2/kubefwd Kubernetes port forwarding for local development.
  • kubefwd is a tool built to port forward multiple services within one or more namespaces on one or more Kubernetes clusters
  • kubefwd uses the same port exposed by the service and forwards it from a loopback IP address on your local workstation

Kpng. Kubernetes Proxy NG

Auto-portforward (apf)

  • ruoshan/autoportforward Bidirectional port-forwarding for docker, podman and kubernetes. A handy tool to automatically set up proxies that expose the remote container’s listening ports back to the local machine. Just like kubectl portforward or docker run -p LOCAL:REMOTE, but automatically discover and update the ports to be forwarded on the fly. apf can create listening ports in the container and forward them back as well.


  • gardener/terraformer: Terraformer Executes Terraform configuration as job/pod inside a Kubernetes cluster. Terraformer is a tool that can execute Terraform commands (apply, destroy and validate) and can be run as a Pod inside a Kubernetes cluster. The Terraform configuration and state files (,, terraform.tfvars and terraform.tfstate) are stored as ConfigMaps and Secrets in the Kubernetes cluster and will be retrieved and updated by Terraformer.


  • werf/werf
  • The CLI tool gluing Git, Docker, Helm, and Kubernetes with any CI system to implement CI/CD and Giterminism. Werf is an Open Source CLI tool written in Go, designed to simplify and speed up the delivery of applications. To use it, you need to describe the configuration of your application (in other words, how to build and deploy it to Kubernetes) and store it in a Git repo — the latter acts as a single source of truth. In short, that’s what we call GitOps today.
  • A solution for implementing efficient/consistent software delivery to Kubernetes. It covers the entire life cycle of CI/CD and related artifacts, gluing commonly used tools (Git, Docker, Helm, K8s, gitops).
  • werf/kubedog Kubedog is a library to watch and follow Kubernetes resources in CI/CD deploy pipelines. This library is used in the werf CI/CD tool to track resources during deploy process.
  • Running one-time tasks and debugging images in the Kubernetes cluster using werf

Starboard kubernetes-native security toolkit

  • aquasecurity/starboard Kubernetes-native security toolkit. Starboard is a completely open source tool that integrates with other security tools to scan your workloads and make security reports accessible through the Kubernetes API - K8s all the way 🚀


  • nicolaka/netshoot a Docker + Kubernetes network trouble-shooting swiss-army container. Purpose: Docker and Kubernetes network troubleshooting can become complex. With proper understanding of how Docker and Kubernetes networking works and the right set of tools, you can troubleshoot and resolve these networking issues. The netshoot container has a set of powerful networking troubleshooting tools that can be used to troubleshoot Docker networking issues. Along with these tools come a set of use-cases that show how this container can be used in real-world scenarios.

The Hierarchical Namespace Controller (HNC)


  • syntasso/kratix Kratix is a framework for building Platform-as-a-Product.
  • Kratix is a framework that enables co-creation of capabilities by providing a clear contract between application and platform teams through the definition and creation of “Promises”. Using the GitOps workflow and Kubernetes-native constructs, Kratix provides a flexible solution to empower your platform team to curate an API-driven, curated, bespoke platform that can easily be kept secure and up-to-date, as well as evolving as business needs change.
  • Kratix enables platform teams to deliver a Kubernetes-native platform API, over fleets of Kubernetes clusters.
  • Kratix is deployed to a platform cluster, and uses the GitOps Toolkit to orchestrate a topology of worker clusters.


KubeOrbit. Test your app on kubernetes

Mizu API Traffic Viewer for Kubernetes

  • up9inc/mizu API traffic viewer for Kubernetes enabling you to view all API communication between microservices to help you debug and troubleshoot regressions. Think TCPDump and Wireshark re-invented for Kubernetes.



Keepass Secret

  • rene6502/keepass-secret keepass-secret is a command-line tool that converts entries from a KeePass 2.3 file into Kubernetes secrets. This tool was created to automatically create Kubernetes Secrets in CI/CD pipelines to deploy workloads to Kubernetes clusters.

Workflow Schedulers

Komodor Workflows

Azure Eraser

  • 🌟 🧹 Cleaning up images from Kubernetes nodes. Eraser is a tool that helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster

komodor workflow

Data Pipeline Workflow Schedulers

ConfigMap Reloader

  • ConfigMap Reloader — Automatically reload new data from ConfigMap/Secret to deployments
    • ConfigMaps and Secrets are a way to inject environment variables and application configurations into a Pod in Kubernetes. Sometimes, and sometimes many times, we need to change the value of environment variables or configurations. For that we need to update the ConfigMap/Secret.
    • In Kubernetes, when we make changes to a ConfigMap or Secret, the new data is not automatically propagated to the pods that use that ConfigMap/Secret. We often need to restart the pods to load new data.
    • This can be achieved using a tool called ‘Reloader’. It is a Kubernetes controller which watches the changes made to Secrets and ConfigMaps and performs rolling upgrades on pods with their associated Deployments, StatefulSets or DaemonSets. It is an open-source tool provided by Stakater, who also provide various other enterprise K8s solutions.


  • infrahq/infra 🌟 Infra enables you to discover and access infrastructure (e.g. Kubernetes, databases). It helps you connect an identity provider such as Okta or Azure active directory, and map users/groups with the permissions you set to your infrastructure.


  • 🌟 Kluctl is the missing glue to put together large Kubernetes deployments. It allows you to declare and manage multi-environment and multi-cluster deployments. Kluctl does not have cluster-side dependencies and works out of the box.

k2tf Kubernetes YAML to Terraform HCL converter

Kubernetes Security Tools

  • PaloAltoNetworks/rbac-police RBAC-police is a CLI tool that lets you evaluate the RBAC permissions of service accounts, pods and nodes in Kubernetes clusters through policies written in Rego
  • m9sweeper/m9sweeper m9sweeper is a complete kubernetes security platform that wraps trivy, project falco, kube-bench, kube-hunter, kubesec, and OPA Gatekeeper into one easy to manage user interface.


  • purelb/purelb PureLB is a Service Load Balancer for Kubernetes. PureLB is a load-balancer orchestrator for Kubernetes clusters. It uses standard Linux networking and routing protocols, and works with the operating system to announce service addresses.




Konf Lightweight Kubeconfig Manager

  • konf is a lightweight kubeconfig manager. With konf you can use different kubeconfigs at the same time. And because it does not need subshells, konf is blazing fast!


  • k8spacket - packets traffic visualization for kubernetes. k8spacket helps to understand TCP packets traffic in your kubernetes cluster:
    • Shows traffic between workloads in the cluster
    • Informs where the traffic is routed outside the cluster
    • Displays information about closing sockets by connections

Infrastructure as Code using Kubernetes. Config Connector

  • Config Connector is an open source Kubernetes addon that allows you to manage Google Cloud resources through Kubernetes.
  • Infrastructure as Code using Kubernetes
    • Config Connector (KCC) is a solution to maintain Cloud Resources as Infrastructure as Code. It is built as an Open Source initiative and runs on Kubernetes clusters. As such, it leverages YAML files to maintain and operate such resources.
    • Config Connector has two versions: an Add-On for Google Kubernetes Engine (GKE) clusters and a manual installation for other Kubernetes distributions.

Claudie Cloud-agnostic managed Kubernetes

  • Claudie is a platform for managing multi-cloud Kubernetes clusters with each node pool in a different cloud provider

Observability Monitoring Tools

  • KubernOcular is a free, open-source tool which harnesses the power of Prometheus and the Kubernetes-Client Node API to give developers an insightful and holistic view of Kubernetes clusters.
  • This application “pings” websites every few minutes. It can be used to keep the application alive on e.g. or

Debugging and Troubleshooting Tools

  • kubectl-debug is a tool that lets you debug a target container in a Kubernetes cluster by automatically creating a new, non-invasive, ‘debug’ container in the same PID, network, user, and IPC namespace as the target container without any disruption
  • A simple tool, written in Go, to check that your cluster is on a supported version. k8f is a command line tool to find, list, connect and check versions for Kubernetes clusters. With k8f you can connect at once to all clusters tagged as “AWS” or find a specific cluster in your kubeconfig.
  • Validkube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security


  • Badrobot is a Kubernetes Operator audit tool. It statically analyses manifests for high-risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated ClusterRole.

