k8s_tools

Kube Cluster Deployment Tools

1. Kubespray

Kubespray provides a set of Ansible roles for Kubernetes deployment and configuration. Kubespray can use AWS, GCE, Azure, OpenStack or a bare metal Infrastructure as a Service (IaaS) platform. Kubespray is an open-source project with an open development model. The tool is a good choice for people who already know Ansible as there’s no need to use another tool for provisioning and orchestration. Kubespray uses kubeadm under the hood.

Link: https://github.com/kubernetes-incubator/kubespray

2. Minikube

Minikube allows you to install and try out Kubernetes locally. The tool is a good starting point for Kubernetes exploration. Easily launch a single-node Kubernetes cluster inside a virtual machine (VM) on your laptop. Minikube is available on Windows, Linux, and OSX. In just 5 minutes you will be able to explore Kubernetes’ main features. Launch the Minikube dashboard out of the box with just one command.

Link: https://github.com/kubernetes/minikube

3. Kubeadm

Kubeadm has been a Kubernetes distribution tool since version 1.4. The tool helps to bootstrap best-practice Kubernetes clusters on existing infrastructure. Kubeadm cannot provision infrastructure for you though. Its main advantage is the ability to launch minimum viable Kubernetes clusters anywhere. Add-ons and networking setup are both out of Kubeadm’s scope though, so you will need to install these manually or using another tool.

Link: https://github.com/kubernetes/kubeadm

4. Kops

Kops helps you create, destroy, upgrade, and maintain production-grade, highly available Kubernetes clusters from the command line. Amazon Web Services (AWS) is currently officially supported, with GCE in beta and VMware vSphere in alpha; support for other platforms is planned. Kops allows you to control the full Kubernetes cluster lifecycle, from infrastructure provisioning to cluster deletion.

Link: https://github.com/kubernetes/kops

Monitoring Tools

10. Kubebox

Kubebox is a terminal console for Kubernetes clusters which allows you to manage and monitor your cluster’s live status with a nice, old-school interface. Kubebox shows your pod resource usage, cluster monitoring, container logs, etc. Additionally, you can easily navigate to the desired namespace and exec into the desired container for fast troubleshooting/recovery.

Link: https://github.com/astefanutti/kubebox

11. Kubernetes Operational View (Kube-ops-view)

Kube-ops-view is a read-only system dashboard for multiple K8s clusters. With Kube-ops-view you can easily navigate between your clusters and monitor nodes as well as your pods’ health. Kube-ops-view animates some Kubernetes processes such as pod creation and termination.

Link: https://github.com/hjacobs/kube-ops-view

12. Kubetail

Kubetail is a small bash script which allows you to aggregate logs from multiple pods into one stream. The initial Kubetail version doesn’t have filtering or highlighting features, but there is an additional Kubetail fork on GitHub that can format and color logs using multitail tools.

Links:
https://github.com/johanhaleby/kubetail
https://github.com/aks/kubetail

13. Kubewatch

Kubewatch is a Kubernetes watcher which can publish K8s events to the team communication app, Slack. Kubewatch runs as a pod inside Kubernetes clusters and monitors changes that occur in the system. You can specify the notifications you want to receive by editing the configuration file.

Link: https://github.com/bitnami-labs/kubewatch

14. Weave Scope

Weave Scope is a troubleshooting and monitoring tool for Docker and Kubernetes clusters. It can automatically generate applications and infrastructure topologies which can help you to identify application performance bottlenecks easily. You can deploy Weave Scope as a standalone application on your local server/laptop, or you can choose the Weave Scope Software as a Service (SaaS) solution on Weave Cloud. With Weave Scope, you can easily group, filter or search containers using names, labels, and/or resource consumption.

Link: https://www.weave.works/oss/scope/

15. Prometheus

Prometheus has fast become the go-to tool for Kubernetes monitoring. It offers a multi-dimensional data model and a very user-accessible format and protocols. Exposing Prometheus metrics in Kubernetes is a pretty straightforward task. The data scraped is human readable, in a self-explanatory format, and published using a standard HTTP transport.

Link: https://prometheus.io/

16. Searchlight

Searchlight by AppsCode is a Kubernetes operator for Icinga. Searchlight periodically runs various checks on Kubernetes clusters and alerts you via email, SMS or chat if something goes wrong. Searchlight includes a default suite of checks written specifically for Kubernetes. Also, it can enhance Prometheus monitoring with external black-box monitoring and serves as a fallback in case internal systems completely fail.

Link: https://github.com/appscode/searchlight

17. cAdvisor

cAdvisor is installed by default on all cluster nodes to collect metrics for Kubernetes about running containers and nodes. The Kubelet exposes these cAdvisor metrics through Kubelet APIs (with a default of one-minute resolution). The Metrics Server identifies all available nodes and calls the Kubelet API to get container and node resource usage before exposing the metrics through the Kubernetes aggregation API.

Link: https://github.com/google/cadvisor

18. Kube-state-metrics

kube-state-metrics generates metrics from Kubernetes API objects without modification by listening to the Kubernetes API server. It doesn’t examine the health of individual Kubernetes components so much as it focuses on the health of the various objects inside, such as deployments, nodes and pods.

Link: https://github.com/kubernetes/kube-state-metrics

19. Sumo Logic App

The Sumo Logic Kubernetes App offers complete visibility into the worker nodes within your clusters, as well as their application logs. The app allows users to monitor and troubleshoot container health, replication, load balancing, pod state and hardware resource allocation. The App utilizes Falco events to monitor and detect anomalous container, application, host, and network activity.

Link: https://www.sumologic.com/application/kubernetes/

20. Dynatrace

Dynatrace OneAgent is container-aware and comes with built-in support for out-of-the-box monitoring of Kubernetes. Dynatrace provides full-stack monitoring for Kubernetes, i.e. monitoring from the application down to the infrastructure layer. However, if you don’t have access to the infrastructure layer, Dynatrace also provides the option of application-only monitoring.

Link: https://www.dynatrace.com/

Testing

21. Kube-monkey

Kube-monkey is the Kubernetes version of Netflix’s Chaos Monkey. Kube-monkey is a tool that follows the principles of chaos engineering. It can delete K8s pods at random, check that services are failure-resilient, and contribute to your system’s health. Kube-monkey is also configured by a TOML file where you can specify which app is to be killed and when to practice your recovery strategies.

Link: https://github.com/asobti/kube-monkey

22. K8s-testsuite

K8s-testsuite is made up of 2 Helm charts which work for network bandwidth testing and load testing a single Kubernetes cluster. Load tests emulate simple web servers with loadbots which run as a Kubernetes microservice based on Vegeta. Network tests use iperf3 and netperf-2.7.0 internally and run three times. Both sets of tests generate comprehensive log messages with all results and metrics.

Link: https://github.com/mrahbar/k8s-testsuite

23. Test-infra

Test-infra is a collection of tools for Kubernetes testing and results verification. Test-infra includes a few dashboards for displaying history, aggregating failures, and showing what is currently testing. You can enhance your test-infra suite by creating your own test jobs. Test-infra can perform end-to-end Kubernetes testing with full Kubernetes lifecycle emulation on different providers using the Kubetest tool.

Link: https://github.com/kubernetes/test-infra

24. Sonobuoy

Sonobuoy allows you to understand your current Kubernetes cluster state by running a set of tests in an accessible and non-destructive manner. Sonobuoy generates informative reports with detailed information about cluster performance. Sonobuoy supports 3 Kubernetes minor versions: the current release and 2 minor versions before. Sonobuoy Scanner is a browser-based tool which allows you to test Kubernetes clusters in a few clicks, but the CLI version has a bigger set of tests available.

Link: https://sonobuoy.io/

25. PowerfulSeal

PowerfulSeal is a tool similar to Kube-monkey and follows the Principles of Chaos Engineering. PowerfulSeal can kill pods and remove/add VMs from or to your clusters. In contrast to Kube-monkey, PowerfulSeal has an interactive mode which allows you to manually break specific cluster components. Also, PowerfulSeal doesn’t need external dependencies apart from SSH.

Link: https://github.com/bloomberg/powerfulseal

Security

26. Trireme

Trireme is a flexible and straightforward implementation of the Kubernetes Network Policies. Trireme works in any Kubernetes cluster and allows you to manage traffic between pods from different clusters. The main advantages of Trireme are the lack of a need for any centralized policy management, the ability to easily organize the interaction of the two resources deployed in Kubernetes, and the lack of complexities of SDN, VLAN tags, and subnets (Trireme uses a conventional L3-network).

Link: https://github.com/aporeto-inc/trireme-kubernetes

27. Aporeto

Aporeto provides security for containers, microservices, cloud and legacy applications based on workload identity, encryption, and distributed policies. As Aporeto policies function independently of the underlying infrastructure, security policies can be enabled across Kubernetes clusters or over hybrid environments that include Kubernetes and non-Kubernetes deployments.

Link: https://www.aporeto.com/

28. Twistlock

Twistlock continually monitors your applications deployed on K8s for vulnerability and compliance issues, including the underlying host as well as containers and images. In addition, Twistlock Runtime Defense automatically models container behavior, allowing known, good behavior while alerting on or blocking anomalous activity. Finally, Twistlock provides both layer 3 microsegmentation as well as a layer 7 firewall that can protect front end microservices from common attacks.

Link: https://www.twistlock.com/

29. Falco

Falco is a behavioral activity monitor designed to detect anomalous activity in your applications. Falco is based on the Sysdig Project, an open source tool (and now a commercial service), built for monitoring container performance by way of tracking kernel system calls. Falco lets you continuously monitor and detect container, application, host, and network activity with one set of rules.

Link: https://sysdig.com/opensource/falco/

30. Sysdig Secure

Sysdig Secure, part of the Sysdig Container Intelligence Platform, comes out-of-the-box with unmatched container visibility and deep integrations with container orchestration tools. These include Kubernetes, Docker, AWS ECS, and Apache Mesos. With Sysdig Secure you can implement service-aware policies, block attacks, analyze your history, and monitor cluster performance. Sysdig Secure is available as cloud and on-premise software offerings.

Link: https://sysdig.com/product/secure/

31. Kubesec.io

Kubesec.io is a service which allows you to score Kubernetes resources for security feature usage. Kubesec.io verifies resource configuration according to Kubernetes security best-practices. As a result, you will have total control and additional suggestions for how to improve overall system security. The site also contains plenty of external links related to containers and Kubernetes security.

Link: https://kubesec.io

Helpful CLI Tools

32. Cabin

NOTE: This project is currently not under active development

Cabin functions as a mobile dashboard for the remote management of Kubernetes clusters. With Cabin, users can quickly manage applications, scale deployments, and troubleshoot the overall K8s cluster from their Android or iOS device. Cabin is a great tool for operators of K8s clusters as it allows you to perform quick remediation actions in case of incidents.

Link: https://github.com/bitnami-labs/cabin

33. Kubectx/Kubens

Kubectx is a small open-source utility tool which enhances Kubectl functionality with the possibility to switch context easily and connect to a few Kubernetes clusters at the same time. Kubens allows you to navigate between Kubernetes namespaces. Both tools have an auto-completion feature on bash/zsh/fish shells.

Link: https://github.com/ahmetb/kubectx

34. Kube-shell

Kube-shell increases your productivity when working with kubectl. Kube-shell enables command auto-completion and auto-suggestion. Also, Kube-shell will provide in-line documentation about the executed command. Kube-shell can even search and correct commands when wrongly typed. It’s a great tool to increase your performance and productivity in the K8s console.

Link: https://github.com/cloudnativelabs/kube-shell

35. Kail

Kail is short for Kubernetes tail and works for Kubernetes clusters. With Kail, you can tail Docker logs for all matched pods. Kail allows you to filter pods by service, deployment, labels, and other features. Pods are added to (or removed from) the log automatically after launch if they match the criteria.

Link: https://github.com/boz/kail

Development Tools

36. Telepresence

Telepresence provides the possibility to debug Kubernetes clusters locally by proxying data from your Kubernetes environment to the local process. Telepresence is able to provide access to Kubernetes services and AWS/GCP resources for your local code as if it were deployed to the cluster. With Telepresence, Kubernetes counts local code as a normal pod within your cluster.

Link: https://www.telepresence.io/

37. Helm

Helm is a package manager for Kubernetes. It is like APT/Yum/Homebrew, but for Kubernetes. Helm operates with Charts, which are archived sets of Kubernetes resource manifests that make up a distributed application. You can share your application by creating a Helm chart. Helm allows you to create reproducible builds and manage Kubernetes manifests easily.

Link: https://github.com/kubernetes/helm

38. Jaeger

The Jaeger Operator is an implementation of a Kubernetes Operator and provides another method of packaging, deploying, and managing a Kubernetes application.

Link: https://www.jaegertracing.io/

39. turbonomic

turbonomic’s Kubernetes-as-a-service (KaaS) management capabilities include support for Amazon Elastic Container Service for Kubernetes (EKS), Microsoft Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Pivotal Container Service (PKS). Self-managing Kubernetes optimizes performance, efficiency, and compliance so IT organizations can scale and accelerate cloud native initiatives.

Link: https://turbonomic.com/product/integrations/kubernetes/

40. Supergiant

Supergiant is an open source collection of utilities that simplify installing and managing your Kubernetes clusters. The Supergiant Kubernetes toolkit is three separate applications: Control, Analyze, and Capacity. Essentially, Supergiant acts as a microservices application that allows using these three tools separately.

Link: https://supergiant.io/toolkit/

41. Keel

Keel allows you to automate Kubernetes deployment updates and can be launched as a Kubernetes service in a dedicated namespace. With such organization, Keel introduces a minimal load on your environment and adds significant robustness. Keel helps to deploy Kubernetes service through labels, annotations, and charts. You just need to specify an update policy for each deployment or Helm release. Keel will automatically update your environment as soon as the new application version is available in the repository.

Link: https://keel.sh/

42. Apollo

Apollo is an open source application providing teams with self-service UI for creating and deploying their services to Kubernetes. Apollo allows operators to view logs and revert deployments to any point in time with just one click. Apollo has flexible permission models for deployments. Each user can deploy only what he needs to deploy.

Link: https://github.com/logzio/apollo

43. Draft

Draft is a tool provided by the Azure team that streamlines application development and deployment into any Kubernetes cluster. Draft creates “inner loops” between code deployment and code commits which significantly speed up the change verification process. With Draft, developers can prepare application Dockerfiles and Helm charts plus deploy applications to a remote or local Kubernetes cluster with two commands.

Link: https://github.com/azure/draft

44. Deis Workflow

NOTE: This project is no longer maintained

Deis Workflow is an open source tool. The Platform as a Service (PaaS) creates additional layers of abstraction on top of Kubernetes clusters. These layers allow you to deploy and/or update Kubernetes applications without specific domain knowledge from developers. Workflow builds upon Kubernetes concepts to provide simple, developer-friendly app deployment. Delivered as a set of Kubernetes microservices, operators can easily install the platform. Workflow can deploy new versions of your app with zero downtime.

Link: https://deis.com/workflow/

45. Kel

Kel is an open source PaaS from Eldarion, Inc. which helps to manage Kubernetes applications through the entire lifecycle. Kel provides two additional layers written in Python and Go on top of Kubernetes. Level 0 allows you to provision Kubernetes resources, and Level 1 helps you to deploy any application on K8s.

Link: http://www.kelproject.com/

46. Kong

Kong, previously known as Kong Community (CE), is an open-source scalable API gateway technology initiated by Kong Inc and has a growing community. Kong allows developers to manage authentication, data encryption, logging, rate limiting and other standard features with Kubernetes that they would expect from a basic API management system. All of this is powered by a straightforward RESTful API, and the platform itself is built on top of the NGINX proxy server and the Apache Cassandra database management system.

Link: https://konghq.com/

Serverless/Function Tools

48. Kubeless

Kubeless is a Kubernetes-native serverless framework that lets you deploy small bits of code without having to worry about the underlying infrastructure plumbing. Kubeless is aware of Kubernetes resources out-of-the-box and also provides auto-scaling, API routing, monitoring, and troubleshooting. Kubeless fully relies on K8s primitives, so Kubernetes users will also be able to use native K8s API servers and API gateways.

Link: https://github.com/kubeless/kubeless

49. Fission

Fission is a fast serverless framework for Kubernetes with a focus on developer productivity and high performance. Fission works on a Kubernetes cluster anywhere: on your laptop, in any public cloud, or in a private data-center. You can write your function using Python, NodeJS, Go, C# or PHP, and deploy it on K8s clusters with Fission.

Link: https://fission.io/

50. Funktion

NOTE: This project is now sandboxed

For a long time, there was only one Function as a Service (FaaS) implementation available for Kubernetes: Funktion. Funktion is an open source event-driven lambda-style programming model designed for Kubernetes. Funktion is tightly coupled with the fabric8 platform. With Funktion, you can create flows to subscribe from over 200 event sources to invoke your function, including most databases, messaging systems, social media, and other middleware and protocols.

Link: https://github.com/funktionio/funktion

51. IronFunction

IronFunctions is an open source serverless platform or FaaS platform that you can run anywhere. IronFunction is written in Golang and really supports functions in any language. The main advantage of IronFunction is that it supports the AWS Lambda format. Import functions directly from Lambda and run them wherever you want.

Link: https://github.com/iron-io/functions

52. OpenWhisk

Apache OpenWhisk is a robust open source FaaS platform driven by IBM and Adobe. OpenWhisk can be deployed on a local on-premise device or on the cloud. The design of Apache OpenWhisk means it acts as an asynchronous and loosely-coupled execution environment that can run functions against external triggers. OpenWhisk is available as SaaS solution on Bluemix, or you can deploy a Vagrant-based VM locally.

Link: https://console.bluemix.net/openwhisk/

53. OpenFaaS

The OpenFaaS framework aims to manage serverless functions on Docker Swarm or Kubernetes where it will collect and analyze a wide range of metrics. You can package any process inside your function and use it without repetitive coding or any other routine action. FaaS has Prometheus metrics baked-in, which means it can automatically scale your functions up and down for demand. FaaS natively supports a web-based interface where you can try out your function.

Link: https://github.com/openfaas/faas

54. Nuclio

Nuclio is a serverless project which aims to process high-performance events and large amounts of data. Nuclio can be launched on an on-premise device as a standalone library or inside a VM/Docker container. Also, Nuclio supports Kubernetes out of the box. Nuclio provides real-time data processing with maximum parallelism and minimum overheads. You can try out Nuclio on the playground page.

Link: https://github.com/nuclio/nuclio

55. Virtual-Kubelet

Virtual Kubelet is an open source Kubernetes Kubelet implementation that masquerades as a kubelet for the purposes of connecting Kubernetes to other APIs. Virtual Kubelet allows the nodes to be backed by other services like ACI, Hyper.sh, and AWS, etc. This connector features a pluggable architecture and direct use of Kubernetes primitives, making it much easier to build on.

Link: https://virtual-kubelet.io/

56. Fnproject

Fnproject is a container native serverless project which supports practically any language and can run almost everywhere. Fn is written in Go, so it is performance-ready and lightweight. Fnproject supports AWS Lambda format style, so you can easily import your Lambda functions and launch them with Fnproject.

Link: http://fnproject.io/

Service Mesh Tools

57. Istio

Istio is an open source service mesh intended to make it easier to connect, manage and secure traffic between, and observe telemetry about microservices running in containers. Istio is a collaboration between IBM, Google and Lyft.

Link: https://istio.io/

58. Linkerd + Linkerd2

Linkerd (rhymes with “chickadee”) is an open source service mesh tool that makes service-to-service communication reliable, fast and safe. By intercepting network communication within the application, service meshes are able to extract metrics (“telemetry”), apply service-to-service policies and encrypt the exchange. Linkerd2 is an ultralight service mesh from Linkerd that works specifically with Kubernetes.

Links:
https://linkerd.io/
https://github.com/linkerd/linkerd2

59. Hashicorp’s Consul

Consul is a service networking solution that connects and secures services across any runtime platform and public or private cloud. Like the above service mesh technologies, Istio and Linkerd, HashiCorp’s Consul Connect opts for a proxy that’s deployed as a sidecar. The proxy transparently secures communication among microservices and enables policy definition through a concept known as Intentions.

Link: https://www.hashicorp.com/products/consul/

Native Service Discovery

60. CoreDNS

CoreDNS is a set of plugins written in Go which perform DNS functions. CoreDNS with additional Kubernetes plugins can replace the default Kube-DNS service and implement the specification defined for Kubernetes DNS-based service discovery. CoreDNS can also listen for DNS requests coming in over UDP/TCP, TLS, and gRPC.

Link: https://coredns.io/

Native Visualization & Control

61. Kubernetes Dashboard

Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It is much easier to troubleshoot and monitor K8s clusters with a native dashboard. You need to create a secure proxy channel between your machine and Kubernetes API server to access the dashboard. The native Kubernetes dashboard relies on the Heapster data collector, so it also needs to be installed in the system.

Link: https://github.com/kubernetes/dashboard#kubernetes-dashboard

Cost Management

62. Replex

Replex is a namesake governance and cost management platform designed for working in Kubernetes environments. The tool solves the challenges surrounding Kubernetes’ dynamic nature by unifying cost and governance management for deployments in the cloud.

Link: https://www.replex.io/
