Updated September 2020
50+ Useful Kubernetes Tools for 2020
In the last few years, Kubernetes has laid waste to its fellow competitors in the battlefield of container orchestration. Sadly, Docker Swarm hasn’t been a major contender since 2016 and, like AWS, admitted defeat by pledging K8s support and integration.
Since Kubernetes has skyrocketed to popularity as the container solution of choice, here’s a comprehensive list of all the tools that complement K8s to further enhance your development work.
Also, check out part 2 of our most useful Kubernetes Tools
Kube Cluster Deployment
Kubespray provides a set of Ansible roles for Kubernetes deployment and configuration. Kubespray can use AWS, GCE, Azure, OpenStack or a bare metal Infrastructure as a Service (IaaS) platform. Kubespray is an open-source project with an open development model. The tool is a good choice for people who already know Ansible as there’s no need to use another tool for provisioning and orchestration. Kubespray uses kubeadm under the hood.
Minikube allows you to install and try out Kubernetes locally. The tool is a good starting point for Kubernetes exploration. Easily launch a single-node Kubernetes cluster inside a virtual machine (VM) on your laptop. Minikube is available on Windows, Linux, and OSX. In just 5 minutes you will be able to explore Kubernetes’ main features. Launch the Minikube dashboard straight-from-the-box with just one command.
Kubeadm has been a Kubernetes distribution tool since version 1.4. The tool helps to bootstrap best-practice Kubernetes clusters on existing infrastructure. Kubeadm cannot provision infrastructure for you though. Its main advantage is the ability to launch minimum viable Kubernetes clusters anywhere. Add-ons and networking setup are both out of Kubeadm’s scope, so you will need to install these manually or using another tool.
Kops helps you create, destroy, upgrade, and maintain production-grade, highly available Kubernetes clusters from the command line. Amazon Web Services (AWS) is currently officially supported, with GCE in beta support, and VMware vSphere in alpha, and other platform support is planned. Kops allows you to control the full Kubernetes cluster lifecycle; from infrastructure provisioning to cluster deletion.
Bootkube is a great tool for launching self-hosted Kubernetes clusters. It helps you set up a temporary Kubernetes control plane which will operate until the self-hosted control-plane is able to handle requests.
6. Kubernetes on AWS (Kube-AWS)
Kube-AWS is a console tool provided by CoreOS which deploys a fully-functional Kubernetes cluster using AWS CloudFormation. Kube-AWS allows you to deploy a traditional Kubernetes cluster and automatically provision every K8s service with native AWS features (e.g., ELB, S3, and Auto Scaling, etc.).
JAAS is Juju as a Service, which simplifies how you configure, scale and operate today’s complex software. Juju deploys everywhere: to public or private clouds. JAAS deploys your workload to your cloud of choice.
Conjure-up is another Canonical product which allows you to deploy “The Canonical Distribution of Kubernetes on Ubuntu” with a few simple commands. It supports AWS, GCE, Azure, Joyent, OpenStack, VMware, bare metal, and localhost deployments. Juju, MAAS, and LXD are the underlying technology for Conjure-up.
9. Amazon EKS
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service which makes it simple to deploy, manage, and scale containerized applications using Kubernetes. Amazon EKS manages your Kubernetes infrastructure across multiple AWS Availability Zones, while automatically detecting and replacing unhealthy control plane nodes, and providing on-demand upgrades and patching. You simply provision worker nodes and connect them to the provided Amazon EKS endpoint.
Cost: Pay for the resources used
Kubebox is a terminal console for Kubernetes clusters which allows you to manage and monitor your cluster’s live status with a nice, old-school interface. Kubebox shows your pod resource usage, cluster monitoring, container logs, etc. Additionally, you can easily navigate to the desired namespace and exec into the desired container for fast troubleshooting/recovery.
11. Kubernetes Operational View (Kube-ops-view)
Kube-ops-view is a read-only system dashboard for multiple K8s clusters. With Kube-ops-view you can easily navigate between your cluster and monitor nodes as well as your pod’s healthiness. Kube-ops-view animates some Kubernetes processes such as pod creation and termination. It also uses Heapster as a source of data.
Kubetail is a small bash script which allows you to aggregate logs from multiple pods into one stream. The initial Kubetail version doesn’t have filtering or highlighting features, but there is an additional Kubetail fork on GitHub that can format and color logs using the multitail tool.
Kubewatch is a Kubernetes watcher which can publish K8s events to the team communication app, Slack. Kubewatch runs as a pod inside Kubernetes clusters and monitors changes that occur in the system. You can specify the notifications you want to receive by editing the configuration file.
14. Weave Scope
Weave Scope is a troubleshooting and monitoring tool for Docker and Kubernetes clusters. It can automatically generate applications and infrastructure topologies which can help you to identify application performance bottlenecks easily. You can deploy Weave Scope as a standalone application on your local server/laptop, or you can choose the Weave Scope Software as a Service (SaaS) solution on Weave Cloud. With Weave Scope, you can easily group, filter or search containers using names, labels, and/or resource consumption.
Cost: Free in standalone mode
Standard mode – 30% per month (free 30-day trial)
Enterprise mode – 150$ per node/month
Prometheus monitoring has fast become the go-to tool for Kubernetes monitoring. It offers a multi-dimensional data model and a very user-accessible format and protocols. Exposing Prometheus metrics in Kubernetes is a pretty straightforward task. The data scraped is human readable, in a self-explanatory format, and published using a standard HTTP transport.
Searchlight by AppsCode is a Kubernetes operator for Icinga. Searchlight periodically runs various checks on Kubernetes clusters and alerts you via email, SMS or chat if something goes wrong. Searchlight includes a default suite of checks written specifically for Kubernetes. Also, it can enhance Prometheus monitoring with external black-box monitoring and serves as a fallback in case internal systems completely fail.
CAdvisor is installed by default on all cluster nodes to collect metrics for Kubernetes about running containers and nodes. CAdvisor Kubelet exposes these metrics through Kubelet APIs (with a default of one-minute resolution). The Metrics Server identifies all available nodes and calls the Kubelet API to get container and node resource usage before exposing the metrics through the Kubernetes aggregation API.
kube-state-metrics generates metrics from Kubernetes API objects without modification by listening to the Kubernetes API server. It doesn’t examine the health of individual Kubernetes components so much as it focuses on the health of the various objects inside, such as deployments, nodes and pods.
19. Sumo Logic App
The Sumo Logic Kubernetes App offers complete visibility into the worker nodes within your clusters, as well as for their application logs. The app allows users to monitor and troubleshoot container health, replication, load balancing, pod state and hardware resource allocation. The App utilizes Falco events to monitor and detect anomalous container, application, host, and network activity.
Price: Professional $108/ month, Enterprise $180/ month
Dynatrace OneAgent is container-aware and comes with built-in support for out-of-the-box monitoring of Kubernetes. Dynatrace provides full-stack monitoring for Kubernetes, i.e. monitoring from the application down to the infrastructure layer. However, if you don’t have access to the infrastructure layer, Dynatrace also provides the option of application-only monitoring.
Price: Free to quote-based plan
Kube-monkey is the Kubernetes version of Netflix’s Chaos Monkey. Kube-monkey is a tool that follows the principles of chaos engineering. It can delete K8s pods at random, check services are failure-resilient, and contribute to your system’s healthiness. Kube-monkey is also configured by a TOML file where you can specify which app is to be killed and when to practice your recovery strategies.
K8s-testsuite is made up of 2 Helm charts which work for network bandwidth testing and load testing a single Kubernetes cluster. Load tests emulate simple web-servers with loadbots which run as a Kubernetes microservice based on Vegeta. Network tests use iperf3 and netperf-2.7.0 internally and run three times. Both sets of tests generate comprehensive log messages with all results and metrics.
Test-infra is a collection of tools for Kubernetes testing and results verification. Test-infra includes a few dashboards for displaying history, aggregating failures, and showing what is currently testing. You can enhance your test-infra suite by creating your own test jobs. Test-infra can perform end-to-end Kubernetes testing with full Kubernetes lifecycle emulation on different providers using the Kubetest tool.
Sonobuoy allows you to understand your current Kubernetes cluster state by running a set of tests in an accessible and non-destructive manner. Sonobuoy generates informative reports with detailed information about cluster performance. Sonobuoy supports 3 Kubernetes minor versions: the current release and 2 minor versions before. Sonobuoy Scanner is a browser-based tool which allows you to test Kubernetes clusters in a few clicks, but the CLI version has a bigger set of tests available.
PowerfulSeal is a tool similar to Kube-monkey and follows the Principles of Chaos Engineering. PowerfulSeal can kill pods and remove/add VMs from or to your clusters. In contrast to Kube-monkey, PowerfulSeal has an interactive mode which allows you to manually break specific cluster components. Also, PowerfulSeal doesn’t need external dependencies apart from SSH.
Trireme is a flexible and straightforward implementation of the Kubernetes Network Policies. Trireme works in any Kubernetes cluster and allows you to manage traffic between pods from different clusters. The main advantages of Trireme are the lack of a need for any centralized policy management, the ability to easily organize the interaction of the two resources deployed in Kubernetes, and the lack of complexities of SDN, VLAN tags, and subnets (Trireme uses a conventional L3-network).
Aporeto provides security for containers, microservices, cloud and legacy applications based on workload identity, encryption, and distributed policies. As Aporeto policies function independently of the underlying infrastructure, security policies can be enabled across Kubernetes clusters or over hybrid environments that include Kubernetes and non-Kubernetes deployments.
Cost: Contact Aporeto for a demo
Twistlock continually monitors your applications deployed on K8s for vulnerability and compliance issues, including the underlying host as well as containers and images. In addition, Twistlock Runtime Defense automatically models container behavior, allowing known, good behavior while alerting on or blocking anomalous activity. Finally, Twistlock provides both layer 3 microsegmentation as well as a layer 7 firewall that can protect front end microservices from common attacks.
Cost: Contact Caylent directly for pricing or to request a free trial
Falco is a behavioral activity monitor designed to detect anomalous activity in your applications. Falco is based on the Sysdig Project, an open source tool (and now a commercial service), built for monitoring container performance by way of tracking kernel system calls. Falco lets you continuously monitor and detect container, application, host, and network activity with one set of rules.
Cost: Free as a standalone tool
Basic Cloud: $20 per month (free trial)
Pro Cloud: $30 per month
Pro Software: Custom price
30. Sysdig Secure
Sysdig Secure, part of the Sysdig Container Intelligence Platform, comes out-of-the-box with unmatched container visibility and deep integrations with container orchestration tools. These include Kubernetes, Docker, AWS ECS, and Apache Mesos. With Sysdig Secure you can implement service-aware policies, block attacks, analyze your history, and monitor cluster performance. Sysdig Secure is available as cloud and on-premise software offerings.
Cost: Free as a standalone tool
Pro Cloud: Custom price
Pro Software: Custom price
Kubesec.io is a service which allows you to score Kubernetes resources for security feature usage. Kubesec.io verifies resource configuration according to Kubernetes security best-practices. As a result, you will have total control and additional suggestions for how to improve overall system security. The site also contains plenty of external links related to containers and Kubernetes security.
Helpful CLI Tools
Update: This project is currently not under active development
Cabin functions as a mobile dashboard for the remote management of Kubernetes clusters. With Cabin, users can quickly manage applications, scale deployments, and troubleshoot overall K8s cluster from their Android or iOS device. Cabin is a great tool for operators of K8s clusters as it allows you to perform quick remediation actions in case of incidents.
Update: Kubectx has now been re-written in Go, with stable bash versions still available
Kubectx is a small open-source utility tool which enhances Kubectl functionality with the possibility to switch context easily and connect to a few Kubernetes clusters at the same time. Kubens allows you to navigate between Kubernetes namespaces. Both tools have an auto-completion feature on bash/zsh/fish shells.
Kube-shell increases your productivity when working with kubectl. Kube-shell enables command auto-completion and auto-suggestion. Also, Kube-shell will provide in-line documentation about the executed command. Kube-shell can even search and correct commands when wrongly typed. It’s a great tool to increase your performance and productivity in the K8s console.
Kail is short for Kubernetes tail and works for Kubernetes clusters. With Kail, you can tail Docker logs for all matched pods. Kail allows you to filter pods by service, deployment, labels, and other features. Pods will be added to (or removed from) the log automatically after launch if they match the criteria.
Telepresence provides the possibility to debug Kubernetes clusters locally by proxying data from your Kubernetes environment to the local process. Telepresence is able to provide access to Kubernetes services and AWS/GCP resources for your local code as if it were deployed to the cluster. With Telepresence, Kubernetes counts local code as a normal pod within your cluster.
Helm is a package manager for Kubernetes. It is like APT/Yum/Homebrew, but for Kubernetes. Helm operates on Charts, which are archived sets of Kubernetes resource manifests that make up a distributed application. You can share your application by creating a Helm chart. Helm allows you to create reproducible builds and manage Kubernetes manifests easily.
The Jaeger Operator is an implementation of a Kubernetes Operator and provides another method of packaging, deploying, and managing a Kubernetes application.
Turbonomic’s Kubernetes-as-a-Service (KaaS) management capabilities include support for Amazon Elastic Container Service for Kubernetes (EKS), Microsoft Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Pivotal Container Service (PKS). Self-managing Kubernetes optimizes performance, efficiency, and compliance so IT organizations can scale and accelerate cloud native initiatives.
Price: Custom price
Update: Active work has been discontinued on Supergiant, the project is still on Github, however.
Supergiant is an open source collection of utilities that simplify installing and managing your Kubernetes clusters. The Supergiant Kubernetes toolkit is three separate applications: Control, Analyze, and Capacity. Essentially, Supergiant acts as a microservices application that allows using these three tools separately.
Keel allows you to automate Kubernetes deployment updates and can be launched as a Kubernetes service in a dedicated namespace. With such organization, Keel introduces a minimal load on your environment and adds significant robustness. Keel helps to deploy Kubernetes service through labels, annotations, and charts. You just need to specify an update policy for each deployment or Helm release. Keel will automatically update your environment as soon as the new application version is available in the repository.
Apollo is an open source application providing teams with self-service UI for creating and deploying their services to Kubernetes. Apollo allows operators to view logs and revert deployments to any point in time with just one click. Apollo has flexible permission models for deployments. Each user can deploy only what he needs to deploy.
Draft is a tool provided by the Azure team that streamlines application development and deployment into any Kubernetes cluster. Draft creates “inner loops” between code deployment and code commits which significantly speed up the change verification process. With Draft, developers can prepare application Dockerfiles and Helm charts plus deploy applications to a remote or local Kubernetes cluster with two commands.
Kel is an open source PaaS from Eldarion, Inc. which helps to manage Kubernetes applications through the entire lifecycle. Kel provides two additional layers written in Python and Go on top of Kubernetes. Level 0 allows you to provision Kubernetes resources, and Level 1 helps you to deploy any application on K8s.
Kong, previously known as Kong Community (CE), is an open-source scalable API gateway technology initiated by Kong Inc and has a growing community. Kong allows developers to manage authentication, data encryption, logging, rate limiting and other standard features with Kubernetes that they would expect from a basic API management system. All of this is powered by a straightforward RESTful API, and the platform itself is built on top of the NGINX proxy server and the Apache Cassandra database management system.
Cost: Free 15-day trial for Kong Cloud
Continuous Integration/ Continuous Delivery Pipeline
46. Cloud 66
A full DevOps toolchain for containerized apps in production, Cloud 66 automates much of the heavy-lifting for Devs through specialized Ops tools. The platform currently runs 4,000 customer workloads on Kubernetes and manages 2,500 lines of config. By offering end-to-end infrastructure management, Cloud 66 enables engineers to build, deliver, deploy, and manage any application on any cloud or server.
Cost: Free for 14 days
Kubeless is a Kubernetes-native serverless framework that lets you deploy small bits of code without having to worry about the underlying infrastructure plumbing. Kubeless is aware of Kubernetes resources out-of-the-box and also provides auto-scaling, API routing, monitoring, and troubleshooting. Kubeless fully relies on K8s primitives, so Kubernetes users will also be able to use native K8s API servers and API gateways.
Fission is a fast serverless framework for Kubernetes with a focus on developer productivity and high performance. Fission works on a Kubernetes cluster anywhere: on your laptop, in any public cloud, or in a private data-center. You can write your function using Python, NodeJS, Go, C# or PHP, and deploy it on K8s clusters with Fission.
Update: This project is now sandboxed
For a long time, there was only one Function as a Service (FaaS) implementation available for Kubernetes: Funktion. Funktion is an open source event-driven lambda-style programming model designed for Kubernetes. Funktion is tightly coupled with the fabric8 platform. With Funktion, you can create flows to subscribe from over 200 event sources to invoke your function, including most databases, messaging systems, social media, and other middleware and protocols.
IronFunctions is an open source serverless platform or FaaS platform that you can run anywhere. IronFunctions is written in Go and supports functions in any language. The main advantage of IronFunctions is that it supports the AWS Lambda format. Import functions directly from Lambda and run them wherever you want.
Apache OpenWhisk is a robust open source FaaS platform driven by IBM and Adobe. OpenWhisk can be deployed on a local on-premise device or on the cloud. The design of Apache OpenWhisk means it acts as an asynchronous and loosely-coupled execution environment that can run functions against external triggers. OpenWhisk is available as SaaS solution on Bluemix, or you can deploy a Vagrant-based VM locally.
Cost: Free to custom price
The OpenFaaS framework aims to manage serverless functions on Docker Swarm or Kubernetes where it will collect and analyze a wide range of metrics. You can package any process inside your function and use it without repetitive coding or any other routine action. FaaS has Prometheus metrics baked-in, which means it can automatically scale your functions up and down for demand. FaaS natively supports a web-based interface where you can try out your function.
Nuclio is a serverless project which aims to process high-performance events and large amounts of data. Nuclio can be launched on an on-premise device as a standalone library or inside a VM/Docker container. Also, Nuclio supports Kubernetes out of the box. Nuclio provides real-time data processing with maximum parallelism and minimum overheads. You can try out Nuclio on the playground page.
Virtual Kubelet is an open source Kubernetes Kubelet implementation that masquerades as a kubelet for the purposes of connecting Kubernetes to other APIs. Virtual Kubelet allows the nodes to be backed by other services like ACI, Hyper.sh, and AWS, etc. This connector features a pluggable architecture and direct use of Kubernetes primitives, making it much easier to build on.
Fnproject is a container native serverless project which supports practically any language and can run almost everywhere. Fn is written in Go, so it is performance-ready and lightweight. Fnproject supports the AWS Lambda format, so you can easily import your Lambda functions and launch them with Fnproject.
Service Mesh Tools
Istio is an open source service mesh intended to make it easier to connect, manage and secure traffic between, and observe telemetry about microservices running in containers. Istio is a collaboration between IBM, Google and Lyft.
57. Linkerd + Linkerd2
Linkerd (rhymes with “chickadee”) is an open source service mesh tool that makes service-to-service communication reliable, fast and safe. By intercepting network communication within the application, service meshes are able to extract metrics (“telemetry”), apply service-to-service policies and encrypt the exchange. Linkerd2 is an ultralight service mesh from Linkerd that works specifically with Kubernetes.
Links: https://linkerd.io/ and https://github.com/linkerd/linkerd2
58. Hashicorp’s Consul
Consul is a service networking solution that connects and secures services across any runtime platform and public or private cloud. Like the above service mesh technologies, Istio and Linkerd, HashiCorp’s Consul Connect opts for a proxy that’s deployed as a sidecar. The proxy transparently secures communication among microservices and enables policy definition through a concept known as Intentions.
Native Service Discovery
CoreDNS is a set of plugins written in Go which perform DNS functions. CoreDNS with additional Kubernetes plugins can replace the default Kube-DNS service and implement the specification defined for Kubernetes DNS-based service discovery. CoreDNS can also listen for DNS requests coming in over UDP/TCP, TLS, and gRPC.
Native Visualization & Control
60. Kubernetes Dashboard
Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It is much easier to troubleshoot and monitor K8s clusters with a native dashboard. You need to create a secure proxy channel between your machine and Kubernetes API server to access the dashboard. The native Kubernetes dashboard relies on the Heapster data collector, so it also needs to be installed in the system.
Replex is a namesake governance and cost management platform designed for working in Kubernetes environments. The tool solves the challenges surrounding Kubernetes’ dynamic nature by unifying cost and governance management for deployments in the cloud.
Price: Custom price
And that’s the complete list! As always, we’d love your feedback and suggestions for future articles. (Don’t forget to check out our 50+ Useful Docker Tools too!)