03.19.20

50+ Useful Kubernetes Tools List – Part 2

By JP La Torre
Last year, we provided a list of Kubernetes tools that proved so popular we have decided to curate another list of some useful additions for working with the platform—among which are many tools that we personally use here at Caylent. Check out the original tools list here in case you missed it.

According to a recent survey by StackRox, Kubernetes continues to reinforce its dominance in the market, with 86% of respondents using it for container orchestration.

And as you can see below, more and more companies are jumping into containerization for their apps. If you’re among them, here are some tools to aid you going forward as Kubernetes continues its rapid growth.

Kubernetes Categories List:

Kube Cluster Deployment Tools

Monitoring Tools

Testing

Security

Helpful CLI Tools

Development Tools

Continuous Integration/ Continuous Delivery Pipeline

Serverless/Function Tools

Service Mesh Tools

Native Service Discovery

Native Visualization & Control

Kube Cluster Deployment Tools

1.Keel  

A Kubernetes Operator that automates DaemonSet, StatefulSet, Helm, and Deployment updates. It takes a single command to build the whole Keel project's binaries, with no dependencies, no custom configuration files, and no lock-in.

Link:  https://keel.sh/

 2.Kube-prod-runtime 

A collection of services that makes running production workloads on Kubernetes easy. It equips Kubernetes clusters with performance monitoring, logging, certificate management, automatic discovery of Kubernetes resources via public DNS servers, and other necessary infrastructure.

Link: https://github.com/bitnami/kube-prod-runtime/

 3.K3sup  

Install k3sup and generate a kubeconfig on any local or remote VM in minutes using this tool.

Link: https://github.com/alexellis/k3sup

Monitoring Tools

4.Kube-state-metrics 

A basic program that listens to the Kubernetes API server and generates metrics on the state of its objects. It focuses on the health of the various objects inside a cluster, including nodes, pods, and deployments.

Link: https://github.com/kubernetes/kube-state-metrics

5.Rakkess

Rakkess shows you all the access rights you have been granted on a Kubernetes cluster. To check a single action on a single resource you can use “kubectl auth can-i list deployments”, but that does not provide a complete overview.

Link: https://github.com/corneliusweig/rakkess

Testing

6.Kubeval 

A tool for validating Kubernetes YAML or JSON configuration files. It validates against schemas generated from the Kubernetes OpenAPI specification, so files can be checked against multiple versions of Kubernetes.

Link: https://github.com/instrumenta/kubeval

 7.Helm-kubeval 

A Helm plugin that validates charts against the Kubernetes schemas. You can also select specific Kubernetes versions to validate the charts against.

Link: https://github.com/instrumenta/helm-kubeval

 8.BotKube 

BotKube can monitor, debug, and run checks on your Kubernetes clusters. It integrates with various messaging platforms such as Slack and Mattermost, and it is open source and easy to configure.

Link: https://www.botkube.io/ 

 9.Sonobuoy   

Sonobuoy is a great diagnostic tool for testing conformance, workload debugging, and custom tests to determine the state of your Kubernetes cluster. Tests are done in a non-destructive manner and its diagnostics generate clear, informative reports of your cluster.

Link: https://sonobuoy.io/

 10.Snyk Container 

Snyk aims to give you a consistent means to detect and fix vulnerabilities in your containers and applications throughout the Software Development Life Cycle.

Link: https://snyk.io/product/container-vulnerability-management/

Security

11.Kubectl-aws-secrets 

Use this program to build a Go executable that imports AWS SSM parameters (a service that helps you protect access to your applications, services, and IT resources) into Kubernetes as secrets. You can then use the executable to build a Helm plugin or run it as a kubectl plugin.

Link: https://github.com/xmin-github/kubectl-aws-secrets

 12.Helm-aws-secret-plugin 

Does exactly what the name states: a Helm plugin for AWS secrets.

Link: https://github.com/xmin-github/helm-aws-secret-plugin

 13.Harbor   

Use Harbor to secure your container image registries with role-based access control. The tool will scan images for vulnerabilities and sign them as trusted.

Link: https://goharbor.io/

 14.Kubesec   

A security risk analysis tool for your Kubernetes resources.

Link: https://kubesec.io/

 15.Permission-Manager   

Permission-Manager does exactly what you would think. Developed by SIGHUP, Permission-Manager is an application that enables super easy Role-Based Access Control management for Kubernetes. Create users, assign namespaces/permissions, and distribute Kubeconfig YAML files.

Link: https://github.com/sighupio/permission-manager

 16.Kube-scan   

A new tool by Octarine that focuses on risk assessment for your Kubernetes workloads. It runs as a pod in your cluster and assesses 30 security settings to create a risk baseline. The tool then analyzes which settings work in tandem to understand what combinations will decrease your risk levels.

Link: https://www.octarinesec.com/solution-item/kube-scan/

 17.K-rail   

K-rail is for when you need a bit more control over your policy enforcement. Kubernetes workloads can use a variety of features that offer easy privilege escalation routes, and in a multi-tenant cluster those features could be dangerous or introduce instability.

Link: https://github.com/cruise-automation/k-rail

 18.Kube2iam

Kube2iam provides IAM roles to the pods in your Kubernetes cluster, circumventing the standard, and potentially dangerous, system in which containers get access to AWS resources through a union of IAM roles.

Kube2iam: https://github.com/jtblin/kube2iam

19. KIAM

KIAM shares many similarities in its function to Kube2iam, but you may want to have a look at each one to determine if its use case best suits your needs. You can see a breakdown of the differences and use cases of KIAM and Kube2IAM here.

KIAM: https://github.com/uswitch/kiam

20.KeyCloak   

KeyCloak is an open source identity and access management tool that adds authentication to applications and helps secure services with minimum fuss. It removes the need to deal with storing users and authenticating users. It is now available out of the box.

Link: https://www.keycloak.org

21.Tigera 

From the creators of Project Calico, Tigera brings you a suite of network security solutions for your Kubernetes needs with support for multi-cloud and legacy environments using an automated universal security policy that is delivered by code.

Link: https://www.tigera.io/

22.Palo Alto Kubernetes Security 

Whilst still in Beta, this repository for Palo Alto’s Kubernetes Security contains YAML files to deploy containerized firewalls.

Link: https://github.com/PaloAltoNetworks/Kubernetes

 23.Klum 

Klum, or Kubernetes Lazy User Manager, handles simple tasks such as creating, deleting, and modifying users, issuing kubeconfig files, and managing the roles associated with users.

Link: https://github.com/ibuildthecloud/klum

 24.Secrets OPerationS 

Secrets OPerationS, or SOPS, is considered one of the best tools for managing your Kubernetes secrets. It works seamlessly with AWS Key Management Service and GCP Key Management Service, plus Pretty Good Privacy (PGP) and Azure Key Vault.

Check out our full article on using SOPS here: Managing Kubernetes Secrets Using Secrets OPerationS

Link: https://github.com/mozilla/sops

 25.StrongDM 

StrongDM is a control plane for securing and auditing access to your servers and/or databases. Don’t miss our recent article on how to leverage strongDM to maximise your database security and authentication. Read the full piece here: Identity and Access for Servers and Databases with StrongDM

Link: https://strongdm.com/

Helpful CLI Tools

26.Krew 

Krew helps developers discover useful kubectl plugins and install and manage them. This tool is similar to APT, DNF, or Homebrew.

Link: https://github.com/kubernetes-sigs/krew/

 27.Ksniff   

A kubectl plugin that makes effective use of Wireshark and tcpdump to start a remote capture on a pod in a Kubernetes cluster.

Link: https://github.com/eldadru/ksniff

 28.Kube-ps1   

Kube-ps1 is a Zsh plugin that shows you which namespace or context you are currently pointing at, no commands needed.

Link: https://github.com/jonmosco/kube-ps1

 29.eksctl  

Eksctl is a simple command-line interface tool for creating clusters and managing their upgrades. It also supports the configuration and use of custom Amazon Machine Images (AMIs), which enables a number of advanced use cases such as using custom AMIs or querying AWS in real time to ascertain which AMI is necessary.

Link: https://eksctl.io/

 30.Kubefwd   

If you’re running Kubernetes services on a remote cluster, use Kubefwd to forward them to a local workstation. No modifications are needed: if you use kubectl, you already meet the requirements.

Link: https://github.com/txn2/kubefwd

 31.Kubeterminal   

This is more of a helper tool that complements kubectl and your terminal in Kubernetes.

Link: https://github.com/samisalkosuo/kubeterminal

 32.Skaffold   

Skaffold is a command-line tool that helps developers with continuous development of Kubernetes applications. Skaffold is very lightweight and does not require a cluster-side component.

Check out our recent post on using Kubernetes Development in Real-Time with Skaffold here for an in-depth look at the tool.

Link: https://skaffold.dev/

 33.Tilt  

For when you spend most of your time at the command line, Tilt syncs your changes to your cluster so you can see how your iterations affect the whole. As everything spins up, Tilt shows you the status of each resource and lets you browse the logs for each or see them all multiplexed. All updates are done in-container, making it super fast.

Link: https://tilt.dev/

Development Tools

34.Helm-2to3 

A Helm V3 plugin created to help developers migrate Helm V2 configuration and releases in-place to Helm V3, and clean up the configuration created in Helm V2.

Link: https://github.com/helm/helm-2to3

 35.Rook  

Rook helps you to automate a variety of tasks that are central for a storage administrator such as deployment, bootstrapping, scaling, upgrading, etc. It ensures that whatever storage provider you choose, it runs consistently on Kubernetes.

Link: https://rook.io/

 36.Contour  

Contour is a Kubernetes ingress controller that provides the control plane for the Envoy edge and service proxy.

Link: https://projectcontour.io/

 37.Kubebuilder  

This will link you to an in-depth guide on how to develop your own Kubernetes API, giving you an insight into how they’re designed and implemented.

Link: https://book.kubebuilder.io/

 38.Shell-operator  

Shell Operator helps simplify the creation of Kubernetes operators.

Link: https://github.com/flant/shell-operator

 39.Helm-operator-get-started  

A tool that will help manage your Helm releases.

Link: https://github.com/fluxcd/helm-operator-get-started

 40.Kudo  

Kudo is a toolkit that simplifies building Kubernetes Operators, mainly using YAML. It will provide you with pre-built Operators that you can customize out of the box.

Link: https://kudo.dev/

 41.Helm-docs 

This tool automatically generates documentation from Helm charts into a markdown file. This file will contain metadata about your chart, including a table with all your chart’s values and defaults.

Link: https://github.com/norwoodj/helm-docs

Continuous Integration/ Continuous Delivery Pipeline

42.Rafay 

Rafay is a software tool that makes it simpler for companies or individuals to build in-house platforms, automation frameworks, and app life cycle management. It can also run Kubernetes clusters. Contact us at Caylent here about how to get started personally with Rafay.

Link: https://rafay.co/

 43.Rancher   

Rancher is a complete software platform that easily deploys containerized environments going beyond Kubernetes installers such as Kops and Kubespray. The platform provides a variety of features including infrastructure management, container scheduling/orchestration, monitoring/health-checks/logging, and a powerful role-based access control system.

Link: https://rancher.com/

 44.Draft 

Made by the same people who brought you Helm. Its goal is to simplify building applications that run on Kubernetes. Using two simple commands, you can begin hacking on container-based applications, without even needing Docker or Kubernetes.

Link: https://draft.sh/

Serverless/Function Tools

45.Knative 

Knative is an open-source Kubernetes-based platform that provides a set of building blocks to simplify the use of Kubernetes and Istio for managing and operating Lambda functions.

Link: https://cloud.google.com/knative/

Service Mesh Tools

46.Kiali 

Kiali helps developers to observe, define, and validate the connections and microservices of an Istio service mesh. It creates a visual graph representation of the service mesh topology and provides insight into features such as circuit breakers, request routing, latency, and more.

Link: https://www.kiali.io/documentation/features/

 47.Kuma   

A universal open-source service mesh and microservices control plane that can be operated and run natively on both VM environments and Kubernetes, making it easy for every team in an organization to adopt.

Link: https://github.com/Kong/kuma

 48.Tenkai   

Tenkai is a microservices manager based on Helm Charts. The tool uses a web GUI to bring up repositories of Helm Charts and easily configure and deploy them.

Link: https://github.com/softplan/tenkai

Native Service Discovery

49.Vert.X Service Discovery 

A repository for a plethora of service discovery tools. Use Vert.X to discover and register the services exposed by your microservice applications. Services can also be imported from Kubernetes (plus Docker and Consul).

Link: https://github.com/vert-x3/vertx-service-discovery

Native Visualization & Control

50.Octant  

An open-source web-based tool that allows you to visualize your Kubernetes workloads and provides you with real-time updates on your workloads.

Link: https://octant.dev/

51.Kubernetic 

Kubernetic provides features such as real-time visualization of the cluster and updates as well as supporting multiple clusters. The tool is designed to help developers with easy and fast deployment of public or private chart recipes.

Link: https://kubernetic.com/


References

StackRox. (2020). Kubernetes adoption & market share skyrockets. StackRox: Cloud-Native, Container, and Kubernetes Security. Retrieved 27 February 2020, from https://www.stackrox.com/kubernetes-adoption-and-security-trends-and-market-share-for-containers/.