kubernetes
DX-focused control plane for Postgres dedicated to non-critical workloads. Your postgres:latest replacement 🐘
NeonD is an open-source Neon-based control plane daemon for PostgreSQL. It offers S3-based layer durability, instant branching, and precise point-in-time recovery in seconds. It runs as a single Docker container and handles multi-tenant PostgreSQL instances seamlessly.
Agent substrate is a system built on top of Kubernetes which manages agent-like workloads to achieve higher scale and efficiency than Kubernetes alone can offer, with lower latency. It builds on top of Kubernetes features like Pods and Pod autoscaling, but takes the Kubernetes control-plane out of the critical path to achieve lower latency.
Tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF.
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF.
It manages the packaging, deployment and execution of Gadgets (eBPF programs encapsulated in OCI images) and provides mechanisms to customize and extend Gadget functionality.
Lightning Fast Kubernetes navigator.
⚡ LFK is a lightning-fast, keyboard-focused, yazi-inspired terminal user interface for navigating and managing Kubernetes clusters. Built for speed and efficiency, it brings a three-column Miller columns layout with an owner-based resource hierarchy to your terminal.
AI powered Kubernetes Assistant.
kubectl-ai acts as an intelligent interface, translating user intent into precise Kubernetes operations, making Kubernetes management more accessible and efficient.
External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, CyberArk Secrets Manager, Pulumi ESC and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
Kubernetes for Local LLMs.
A Kubernetes operator for self-hosted LLM inference. vLLM, llama.cpp, TGI, NVIDIA, Apple Silicon.
Customization of kubernetes YAML configurations.
kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.
kustomize targets kubernetes; it understands and can patch kubernetes style API objects. It's like make, in that what it does is declared in a file, and it's like sed, in that it emits edited text.
A multi-tenancy and policy-based framework for Kubernetes.
Capsule implements a multi-tenant and policy-based environment in your Kubernetes cluster. It is designed as a micro-services-based ecosystem with a minimalist approach, leveraging only upstream Kubernetes.
The missing open-source Kubernetes UI.
Topology, events, Helm, GitOps, image inspection, audits, and MCP for AI agents - all in one open-source Kubernetes UI. Run it locally as a single binary or self-host in your cluster.
CO2 monitoring and FinGreenOps tool for K8s. Measure, understand, and reduce the carbon footprint of your Kubernetes infrastructure.
GreenKube is an open-source FinGreenOps platform for Kubernetes. It gives DevOps, SRE, and FinOps teams real-time carbon visibility and cost control — without complex setup or expensive SaaS tooling.
A ground-up reimplementation of Kubernetes in Rust.
Rūsternetes includes a built-in web console with real-time cluster topology visualization, live metrics, pod log streaming, and full resource management. It deploys automatically — embedded in the API server, no separate installation.
Kubernetes Orphaned Resources Finder.
A Golang Tool to discover unused Kubernetes Resources.
Homogeneous Kubernetes clusters at scale on any infrastructure using hosted control planes. A Managed Kubernetes Service Done Right. Deliver fully-managed clusters at scale everywhere with your own Gardener installation.
Gardener implements the automated management and operation of Kubernetes clusters as a service and provides a fully validated extensibility framework that can be adjusted to any programmatic cloud or infrastructure provider.
Open Source Container Runtime Software.
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Kubernetes Progressive Delivery Controller.
Argo Rollouts is a Kubernetes controller and set of CRDs which provide advanced deployment capabilities such as blue-green, canary, canary analysis, experimentation, and progressive delivery features to Kubernetes.
Kubernetes AI Toolchain Operator.
KAITO is an operator that automates the AI/ML model inference or tuning workload in a Kubernetes cluster. The target models are popular open-sourced large models such as falcon and phi-3.
agent-sandbox enables easy management of isolated, stateful, singleton workloads, ideal for use cases like AI agent runtimes.
Complete guide explaining how to build and run a virtualized small Kubernetes cluster with a single Proxmox VE standalone node on a single computer.
Jurassic Park Unix System style Kubernetes resource viewer.
A 3D Kubernetes resource viewer inspired by the FSN (File System Navigator) from Jurassic Park. Fly through your cluster like it's 1993.
A compiled list of links to public failure stories related to Kubernetes. Most recent publications on top.
Cleaner is a Kubernetes controller that identifies unused or unhealthy resources, helping you maintain a streamlined and efficient Kubernetes cluster. It provides flexible scheduling, label filtering, Lua-based selection criteria, resource removal or update, and notifications via Slack, Webex and Discord. It can also automate cluster operations.
A toolkit to run Ray applications on Kubernetes.
KubeRay is a powerful, open-source Kubernetes operator that simplifies the deployment and management of Ray applications on Kubernetes.
Cloud native batch scheduling system for compute-intensive workloads.
Volcano is a Kubernetes-native batch scheduling system, extending and enhancing the capabilities of the standard kube-scheduler. It provides a comprehensive set of features specifically designed to manage and optimize various batch and elastic workloads, including Artificial Intelligence (AI) / machine learning (ML) / deep learning (DL), bioinformatics / genomics, and other "Big Data" applications.
Universal Sandbox Infrastructure for AI Applications.
Securely run commands, filesystems, code interpreters, browsers, and developer tools in isolated runtime environments.
OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.
Convert Ingress resources to Gateway API resources.
Ingress2gateway helps translate Ingress and provider-specific resources (CRDs) to Gateway API resources. Ingress2gateway is managed by the Gateway API SIG-Network subproject.
Kubernetes Add-on Controller. Manage and Deploy Add-ons.
Sveltos is a Kubernetes add-on controller. It makes deploying and managing Kubernetes add-ons and applications easier across multiple clusters. This works for on-prem, cloud, or multitenant setups. The Sveltos Kubernetes add-on controller programmatically deploys add-ons and applications in tens of clusters. It supports ClusterAPI-powered clusters, Helm charts, kustomize, and YAMLs. Sveltos has built-in support for multi-tenancy.
Topomatik automatically reflects your underlying infrastructure in Kubernetes node topology labels, because manually updating topology is about as fun as untangling holiday lights 🎄
kubectl for AI Agents. Enterprise AI agent orchestration. Manage, monitor, and scale your AI workforce.
Helm chart that enables scheduled scaling of a target resource, intended to add overprovisioning to an autoscaling k8s cluster.
Helm chart for overprovisioning an autoscaling Kubernetes cluster, based on the Cluster Proportional Autoscaler and a deployment that acts as a "placeholder" for overprovisioning. It is inspired by the Cluster Overprovisioning Helm Chart from Delivery Hero.
Kubernetes simplified, containerized, and democratized for rootless environments.
Single-node rootless Kubernetes cluster running in a Podman container.
Autonomous AI Agents for Infrastructure. Claude Code for infrastructure. Debug, act, and audit everything Fluid does on your infrastructure.
Fluid is a terminal agent that does work on production infrastructure like VMs, K8s clusters, etc. by making sandbox clones of the infrastructure for AI agents to work on, allowing the agents to run commands, test connections, edit files, and then generate infrastructure-as-code like an Ansible Playbook to be applied on production.
Kubernetes-native AI serving platform for scalable model serving.
The first open-source platform for automated database provisioning and management. It supports multiple database technologies and can be hosted on any Kubernetes infrastructure, in the cloud or on-premises.
OpenEverest is an open-source platform for automated database provisioning and management. It supports multiple database technologies and can be hosted on any Kubernetes infrastructure, in the cloud or on-premises.
Kubernetes usage analytics for CPU, Memory, and GPU — track costs and optimize cluster resources.
kube-opex-analytics is a Kubernetes usage accounting and analytics tool that helps organizations track CPU, Memory, and GPU resources consumed by their clusters over time (hourly, daily, monthly).
A tool to generate Kubernetes manifests from templates.
A powerful tool for generating ArgoCD Applications and their rendered Kubernetes resources from Helm, Kustomize, and Jinja2 — across multiple environments, at scale.
Kubernetes, Docker and Podman Container Management Platform.
Lightweight Container Runtime for Kubernetes.
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. CRI-O follows the Kubernetes release cycles with respect to its minor versions (1.x.y). Patch releases (1.x.z) for Kubernetes are not in sync with those from CRI-O, because they are scheduled for each month, whereas CRI-O provides them only if necessary. If a Kubernetes release goes End of Life, then the corresponding CRI-O version can be considered in the same way.
Advanced Kubernetes Architecture Security Tool.
This tool reconstructs complex attack paths in a Kubernetes cluster by generating graphs. It uses Neo4j to store objects and relationships in a database and neodash for visualization. The Cypher language, like MySQL, allows queries to the database to retrieve graphs. It can be used by security auditors to quickly identify attack paths or by security experts to monitor these paths.
Kubevious (pronounced [kju:bvi:əs]) is a suite of app-centric assurance, validation, and introspection products for Kubernetes. It helps run modern Kubernetes applications without disasters and costly outages by continuously validating application manifests, cluster state, and configuration. Kubevious projects detect and prevent errors (typos, misconfigurations, conflicts, inconsistencies) and violations of best practices. Our secret sauce is based on the ability to validate across multiple manifests and look at the configuration from the application vantage point.
Make shipping applications more enjoyable.
KubeVela is a modern software delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable.
AI Agent for Troubleshooting Cloud-Native Environments. Your 24/7 On-Call AI Agent - Solve Alerts Faster with Automatic Correlations, Investigations, and More.
HolmesGPT is an AI agent for investigating problems in your cloud, finding the root cause, and suggesting remediations. It has dozens of built-in integrations for cloud providers, observability tools, and on-call systems.
A list of all the different methods I found to deploy Kubernetes.
A comprehensive list of ways to deploy Kubernetes, organized by deployment type.
kamera is a simulation toolkit for observing, analyzing, and verifying the behavior of Kubernetes control planes.
kamera is a toolkit for observing, analyzing, and verifying the behavior of the Kubernetes control plane. It is designed specifically for controllers built with controller-runtime, providing targeted instrumentation to capture the behaviors of individual controllers as well as the interactions between them.
This site documents how to develop, deploy, and test a Container Storage Interface (CSI) driver on Kubernetes.
The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Container Orchestration Systems (COs) like Kubernetes. Using CSI, third-party storage providers can write and deploy plugins exposing new storage systems in Kubernetes without ever having to touch the core Kubernetes code.
CSI driver built on top of rclone bringing cloud storage mounts to your pods with ease.
This driver enables Kubernetes pods to mount cloud storage backends as persistent volumes using rclone, supporting 50+ storage providers including S3, Google Cloud Storage, Azure Blob, Dropbox, and many more.
Kubernetes Compliance & Security Checks Extension. Browser extension for Kubernetes YAML guardrails – security & compliance linting directly in GitHub/GitLab.
Guardon is a lightweight browser extension that helps developers and reviewers detect common Kubernetes misconfigurations and security issues directly on code hosting sites (GitHub, GitLab, Bitbucket) or from pasted YAML. It parses multi-document YAML, applies configurable rules, and can suggest safe fixes.
Open Source Cloud Security Scanner.
An open source, cloud-native security to protect everything from build to runtime.
cnspec assesses your entire infrastructure's security and compliance. It finds vulnerabilities and misconfigurations across public and private cloud environments, Kubernetes clusters, containers, container registries, servers, endpoints, SaaS products, infrastructure as code, APIs, and more.
A powerful policy as code engine, cnspec is built upon Mondoo's security data fabric. It comes configured with default security policies that run right out of the box. It's both fast and simple to use!
Ingress NGINX Controller for Kubernetes.
ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
Related contents:
- Ingress NGINX Retirement: What You Need to Know @ Kubernetes Contributors.
- Migration assistance from Ingress NGINX to HAProxy Kubernetes Ingress Controller @ HAProxy.
- Another open source project dies of neglect, leaving thousands scrambling @ The Register.
- Navigating the ingress-nginx archival: why now is the time to move to Cilium @ CNCF.
- Before You Migrate: Five Surprising Ingress-NGINX Behaviors You Need to Know @ kubernetes.
A Kubernetes controller and tool for one-way encrypted Secrets.
Problem: "I can manage all my K8s config in git, except Secrets." Solution: Encrypt your Secret into a SealedSecret, which is safe to store - even inside a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret.
🪁 A modern, lightweight Kubernetes dashboard.
Kite is a lightweight, modern Kubernetes dashboard that provides an intuitive interface for managing and monitoring your Kubernetes clusters. It offers real-time metrics, comprehensive resource management, multi-cluster support, and a beautiful user experience.
flannel is a network fabric for containers, designed for Kubernetes. Flannel is a simple and easy way to configure a layer 3 network fabric designed for Kubernetes.
Flannel is responsible for providing a layer 3 IPv4 network between multiple nodes in a cluster. Flannel does not control how containers are networked to the host, only how the traffic is transported between hosts. However, flannel does provide a CNI plugin for Kubernetes and guidance on integrating with Docker.
2048 game with DevOps practices.
A fully containerized and cloud-native implementation of the classic 2048 game with complete CI/CD pipeline, Kubernetes deployment, and Infrastructure as Code.
The Airgap Native Package Manager for Kubernetes. Airplane mode for your application delivery.
A free open source tool that enables continuous software delivery on systems that are disconnected from the internet. Zarf is a free and open source tool that enables declarative creation & distribution of software into air-gapped/constrained/standalone environments. Zarf provides a way to package and deploy software in a way that is repeatable, secure, and reliable.
A modern open-source Kubernetes auditing and investigation tool.
Replik8s is a modern open-source Kubernetes auditing and investigation tool. It is designed to address the common limitations of traditional security tools, which rely on narrow data collection and predefined logic. RepliK8s allows cloning Kubernetes clusters and serving back exact replicas of the original data, as well as conducting analysis through a tool-agnostic query language.
More than an edge OS. The immutable Linux meta-distribution for edge Kubernetes.
Transform your Linux system and preferred Kubernetes distribution into a secure bootable image for your edge devices.
With Kairos you can build immutable, bootable Kubernetes and OS images for your edge devices as easily as writing a Dockerfile. Optional P2P mesh with distributed ledger automates node bootstrapping and coordination. Updating nodes is as easy as CI/CD: push a new image to your container registry and let secure, risk-free A/B atomic upgrades do the rest. Kairos is part of the Secure Edge-Native Architecture (SENA) to securely run workloads at the Edge.
Flexible and scalable Kubernetes multi-cluster management solution. The limitless expansion of Kubernetes. Make Kubernetes without boundaries.
Kosmos is an open-source, all-in-one distributed cloud-native solution. The name "kosmos" combines 'k' representing Kubernetes and 'cosmos' which means universe in Greek, symbolizing the limitless expansion of Kubernetes. Currently, Kosmos primarily consists of three major modules: ClusterLink, ClusterTree and Scheduler. Additionally, Kosmos is equipped with a tool called kosmosctl, which allows for quick deployment of Kosmos components, adding clusters, and testing network connectivity.
Networking component for interconnecting Pods and Services across Kubernetes clusters.
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud.
Lighthouse provides DNS discovery to Kubernetes clusters connected by Submariner in multi-cluster environments.
Open Source Cloud Security Tool.
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more.
Docker Registry UI.
A simple, lightweight UI for exploring and managing Docker/OCI container registries.