.svg){kind=icon}
eks-node-viewer is a tool for visualizing dynamic node usage within a cluster. It was originally developed as an internal tool at AWS for demonstrating consolidation with Karpenter. It displays the scheduled pod resource requests vs the allocatable capacity on the node. It does not look at the actual pod resource usage.
Tool for building Kubernetes attack paths.
KubeHound creates a graph of attack paths in a Kubernetes cluster, allowing you to identify direct and multi-hop routes an attacker is able to take, visually or through complex graph queries.
Open-source best practices for protecting a secure, sensible cloud platform.
Your Quick Reference to Cloud Best Practices.
An open-source collection of cloud infrastructure best practices, for bootstrapping your own cloud platform.
Centralized Cloud-Based Secrets Management Platform.
Securely manage, orchestrate, and govern secrets at scale with Doppler’s developer-first cloud hosted platform.
The Registry is a stateless, highly scalable server side application that stores and lets you distribute container images and other content.
This repository's main product is the Open Source Registry implementation for storing and distributing container images and other content using the OCI Distribution Specification. The goal of this project is to provide a simple, secure, and scalable base for building a large scale registry solution or running a simple private registry. It is a core library for many registry operators including Docker Hub, GitHub Container Registry, GitLab Container Registry and DigitalOcean Container Registry, as well as the CNCF Harbor Project, and VMware Harbor Registry.
kubernetes log viewer.
Kubernetes tail. Streams logs from all containers of all matched pods. Match pods by service, replicaset, deployment, and others. Adjusts to a changing cluster - pods are added and removed from logging as they fall in or out of the selection.
Automated resources sizing tool for containers in kubernetes.
Kondense is an automated resource sizing tool. It runs as a sidecar in kubernetes pods.
Kondense uses memory pressure to apply just the right amount of memory on a container to page out the unused memory while not getting out-of-memory killed.
Automate the installation of self-hosted Kubernetes clusters.
Autok8s aims to fully automate the installation of self-hosted Kubernetes clusters in a bare-metal or virtual machine based environment.
data plane testing utility of cloud native.
kdoctor is a Kubernetes data plane testing component that conducts functional and performance tests on clusters using proactive pressure injection. It addresses the operational needs of network, storage, and applications by adopting a cloud-native approach based on extensive research and abstraction. With its CRD design, kdoctor can seamlessly integrate with observability components.
Manage Kubernetes in style.
JET Pilot is an open-source Kubernetes desktop client that focuses on less clutter, speed and good looks.
RemoteLocal Environments to build distributed applications.
Development environment as a service. Building distributed applications isn’t complex anymore!
With Kloudlite’s unified remote local environments, integrate the comfort of local coding with the power of remote environments
Kloudlite is an open-source platform designed to provide seamless and secure development environments for building distributed applications. It connects local workspaces with remote Kubernetes environments via a WireGuard network, allowing developers to access services and resources with production-level parity. With Kloudlite, there’s no need for build or deploy steps during development— With service intercepts, your changes are reflected in real time, enhancing productivity and reducing the development loop.
OpenClarity is an open source platform to enhance security and observability of cloud native applications and infrastructure.
OpenClarity is an open source tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations and leaked secrets.
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security.
A flexible detection platform that simplifies rule management and deployment with K8s CronJob and Helm. Venator is flexible enough to run standalone or with other job schedulers like Nomad.
Venator is optimized for Kubernetes deployment but is flexible enough to run standalone or with other job schedulers like Nomad. It provides a highly adaptable detection engine that prioritizes simplicity, extensibility, and ease of maintenance. Supporting multiple query engines and publishers, Venator allows you to easily switch between different data lakes or services with minimal changes, avoiding vendor lock-in and dependence on specific SIEM solutions for signal generation.
Kubernetes cost monitoring and management.
Escalator is a batch or job optimized horizontal autoscaler for Kubernetes.
It is designed for large batch or job based workloads that cannot be force-drained and moved when the cluster needs to scale down - Escalator will ensure pods have been completed on nodes before terminating them. It is also optimized for scaling up the cluster as fast as possible to ensure pods are not left in a pending state.
Giving Kubernetes Superpowers to everyone.
k8sgpt is a tool for scanning your Kubernetes clusters, diagnosing, and triaging issues in simple English.
It has SRE experience codified into its analyzers and helps to pull out the most relevant information to enrich it with AI.
Kubernetes Event-driven Autoscaling.
KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
Kubernetes Live Cluster Linter. A Kubernetes cluster resource sanitizer.
Popeye is a utility that scans live Kubernetes clusters and reports potential issues with deployed resources and configurations. As Kubernetes landscapes grows, it is becoming a challenge for a human to track the slew of manifests and policies that orchestrate a cluster. Popeye scans your cluster based on what’s deployed and not what’s sitting on disk. By linting your cluster, it detects misconfigurations, stale resources and assists you to ensure that best practices are in place, thus preventing future headaches. It aims at reducing the cognitive overload one faces when operating a Kubernetes cluster in the wild. Furthermore, if your cluster employs a metric-server, it reports potential resources over/under allocations and attempts to warn you should your cluster run out of capacity.
A lightweight, multi-host, daemonless mini-pass that supports deploying kubernetes manifests.
Low resource, no daemon, kubernetes manifest compatible mini-paas.