A Curated List of Awesome Kubernetes Tools and Resources

Uploaded by deniz bayraktar
Awesome Kubernetes Resources

A curated list of awesome Kubernetes tools and resources.
Contents

1 | Guides, Documentations, Blogs, and Learnings
    Guides
    Blogs and Videos
    Certification Guides
    Learnings and Documentations

2 | Tools and Libraries
    Command Line Tools
    Cluster Provisioning
    Cluster Resources Management
    Secrets Management
    Automation and CI/CD
    Networking
    Storage
    Testing and Troubleshooting
    Backup and Restore
    Monitoring, Alerts, and Visualization
    Security and Compliance
    Service Mesh
    Development Tools
    Data Processing and Machine Learning
    Miscellaneous

1 | Guides, Documentations, Blogs, and Learnings

GUIDES

A Beginner’s Guide to Kubernetes
A comprehensive introduction to Kubernetes architecture.

A Guide to the Kubernetes Networking Model
An in-depth run-through of Kubernetes networking.

Amazon EKS Best Practices Guide for Security
This guide provides advice about protecting information, systems, and assets that are reliant on EKS while delivering business value through risk assessments and mitigation strategies.

Amazon EKS Node Drainer
A guide and an example to cordon and evict all evictable pods from an EC2 node being terminated.

Comparison of Kubernetes Ingress controllers
This research compares the capabilities of 14 different Kubernetes Ingress controllers.

Configuring HA Kubernetes cluster on bare metal servers with kubeadm
A guide to standing up an HA Kubernetes cluster on bare metal servers with kubeadm.

Introduction to Using Google Kubernetes Engine; Explain Like I’m Five!
Creating your first managed Kubernetes cluster on Google Kubernetes Engine using Terraform.

Kubernetes Network Policy Recipes
This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup.

Kubernetes The Hard Way
Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication.

Kubernetes Working Group for Multi-Tenancy
This is a working place for multi-tenancy related proposals and prototypes.

Production grade Kubernetes Monitoring using Prometheus
An in-depth guide to deploy Prometheus monitoring solution.

The Illustrated Children’s Guide to Kubernetes
Graphical explanations of Kubernetes.

Troubleshooting Kubernetes deployments
A flow chart to troubleshoot a Kubernetes deployment in case of issues.

Writing Your First Kubernetes Operator
In this article, we’ll see how to build and deploy your first Kubernetes Operator using the Operator SDK.


BLOGS AND VIDEOS

10 most common mistakes using Kubernetes
Common pitfalls and how to avoid them.

How the Department of Defense Moved to Kubernetes and Istio
Security stack leveraging Envoy and sidecar containers to ensure zero trust security and baked-in multi-layer security.

Kubernetes at Reddit: Tales from Production
Hear of successes, share in the heartbreak of production explosions, and gain insight into what has and hasn’t worked well for one of the world’s busiest web properties.

Kubernetes Failure Stories
A compiled list of links to public failure stories related to Kubernetes.

Life of a Packet
Tracing the path of network traffic in the Kubernetes system.

OPA Deep Dive
Deep dive on some exciting new features in the OPA project presented by the co-creators.

Scaling Kubernetes to 2,500 Nodes
Issues you will encounter when running high-scale Kubernetes workloads.

Service Mesh Comparison
An easy comparison to help choose one of the service mesh implementations.

Kubernetes Configurations Best Practices
10 best practices based on real-world lessons learned from Kubernetes misconfigurations that made it to production.

Kubernetes Tutorial for Beginners
A full course (4 hours) for getting started with Kubernetes from scratch.

CERTIFICATION GUIDES

Certified Kubernetes Security Specialist - CKSS
This repository is a collection of resources to prepare for the Certified Kubernetes Security Specialist (CKSS) exam.

CKS “Certified Kubernetes Security Specialist” certification
Kubernetes security resources primarily from material allowed during the exam, and extra optional items to help you advance your container and Kubernetes security journey.

How to pass the Certified Kubernetes Administrator (CKA) exam on the first attempt
A guide to pass CKA exam.

The ultimate CKA “Certified Kubernetes Administrator” resource since exam inception
An updated repo of official resources to help you master the CKA exam as well as some extra resources to consolidate your Kubernetes administration knowledge.

Kubernetes Exam Simulator
CKS/CKA/CKAD exams scenarios and environment.


LEARNINGS AND DOCUMENTATIONS

A Beginner’s Guide to Kubernetes
A comprehensive introduction to Kubernetes architecture.

Configuring Redis using a ConfigMap
A walkthrough that provides a real world example of how to configure Redis using a ConfigMap.

Example: Deploying Cassandra with a StatefulSet
This tutorial shows you how to run Apache Cassandra on Kubernetes. Cassandra, a database, needs persistent storage to provide data durability.

Example: Deploying PHP Guestbook application with Redis
This tutorial shows you how to build and deploy a simple, multi-tier web application using Kubernetes and Docker.

Example: Deploying WordPress and MySQL with Persistent Volumes
This tutorial shows you how to deploy a WordPress site and a MySQL database using Minikube.

Exposing an External IP Address to Access an Application in a Cluster
This guide shows how to create a Kubernetes Service object that exposes an external IP address.

Katacoda
This is a Kubernetes playground, a safe place designed for experimenting, exploring and learning Kubernetes.

kubectl Cheat Sheet
An official list of commonly used kubectl commands and flags.

Kubectl Kubernetes CheatSheet
A cheatsheet containing many helpful kubectl commands.

Kubernetes API Reference Docs
A high-level overview of the basic types of resources provided by the Kubernetes API and their primary functions.

Learn Kubernetes Basics
This tutorial provides a walkthrough of the basics of the Kubernetes cluster orchestration system.

Play with Kubernetes
Play with Kubernetes is a playground which allows users to run K8s clusters in a matter of seconds.

Ready-to-use commands and tips for kubectl
Various kubectl tips and tricks by Flant’s engineers.

Running ZooKeeper, A Distributed System Coordinator
This tutorial demonstrates running Apache ZooKeeper on Kubernetes using StatefulSets, PodDisruptionBudgets, and PodAntiAffinity.

Set Up a CI/CD Pipeline with Kubernetes
An end-to-end guide to set up a CI/CD Pipeline with Kubernetes.

StatefulSet Basics
This tutorial provides an introduction to managing applications with StatefulSets.

Webinar: K8s with OPA Gatekeeper
How to use OPA to control what end-users can do on the cluster and ways to ensure that clusters are in compliance with company policies.

2 | Tools and Libraries
THE STARS METER OF AWESOMENESS

50+ 200+ 500+ 1000+ 2000+ Open Source SaaS

COMMAND LINE TOOLS

Helm
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources.

K9s
K9s provides a terminal UI to interact with your Kubernetes clusters.

Ktunnel
Ktunnel is a CLI tool that establishes a reverse tunnel between a Kubernetes cluster and your local machine.

Kubebox
Terminal and Web console for Kubernetes.

Kubetail
Bash script that enables you to aggregate (tail/follow) logs from multiple pods into one stream.

kube-shell
Kube-shell: An integrated shell for working with the Kubernetes CLI.

kubectl tree
A kubectl plugin to explore ownership relationships between Kubernetes objects through owners.

kubectl-aliases
This repository contains a script to generate hundreds of convenient shell aliases for kubectl.

kubectx + kubens
Helps you switch between clusters back and forth, and kubens helps you switch between Kubernetes namespaces smoothly.

kubediff
Kubediff is a tool for Kubernetes to show you the differences between your running configuration and your version controlled configuration.

kubeprompt
Isolates KUBECONFIG in each shell and shows the current Kubernetes context/namespace in your prompt.

nova
Nova scans your cluster for installed Helm charts, then cross-checks them against all known Helm repositories.

stern
Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod.


CLUSTER PROVISIONING

Bootkube
Bootkube is a tool for launching self-hosted Kubernetes clusters.

eksctl
Is a simple CLI tool for creating clusters on EKS - Amazon’s new managed Kubernetes service for EC2.

k3d
k3d, like kind, is a tool for running local k3s clusters in docker. It’s a single binary about 20 MB. You need to have docker installed.

k3s
Lightweight Kubernetes. Easy to install, half the memory, all in a binary less than 100 MB.

kind
kind is a tool for running local Kubernetes clusters using Docker container “nodes”.

Kops
Kops helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters from the command line.

kube-aws
kube-aws is a command-line tool to create/update/destroy Kubernetes clusters on AWS.

Kubespray
Deploy a production ready Kubernetes cluster.

Minikube
Minikube implements a local Kubernetes cluster on macOS, Linux, and Windows.

Kubeadm
kubeadm performs the actions necessary to get a minimum viable cluster up and running.

CLUSTER RESOURCES MANAGEMENT

Grafana Tanka
The clean, concise and super flexible alternative to YAML for your Kubernetes cluster.

Kruise
Kruise consists of several controllers which extend and complement the Kubernetes core controllers for workload management.

KubeDirector
KubeDirector uses standard Kubernetes (K8s) facilities of custom resources and API extensions to implement stateful scaleout application clusters.

Kubenav
kubenav is the navigator for your Kubernetes clusters right in your pocket.

Liqo
Liqo implements dynamic resource sharing across different Kubernetes clusters (e.g., offloading pods and services), supporting decentralized governance.

The Hierarchical Namespace Controller
Hierarchical namespaces make it easier to share your cluster by making namespaces more powerful.


SECRETS MANAGEMENT

Kubernetes External Secrets
Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes.

Sealed Secrets
Encrypt your Secret into a SealedSecret, which is safe to store - even to a public repository.

AUTOMATION AND CI/CD

Apollo
Apollo is a simple, lightweight, Continuous Deployment (CD) solution on top of Kubernetes.

Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

Argo Events
Argo Events is an event-driven workflow automation framework for Kubernetes which helps you trigger K8s objects, Argo Workflows, Serverless workloads, etc.

Argo Rollouts
Argo Rollouts controller, uses the Rollout custom resource to provide additional deployment strategies such as Blue Green and Canary to Kubernetes.

Argo Workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.

Codefresh
Codefresh is a Docker-native CI/CD platform. Instantly build, test and deploy Docker images to Kubernetes.

Flagger
Flagger is a progressive delivery tool that automates the release process for applications running on Kubernetes.

Flux
Flux is a tool that automatically ensures that the state of a cluster matches the config in git.

Flux2
Flux version 2 is built from the ground up to use Kubernetes’ API extension system, and to integrate with Prometheus and other core components of the Kubernetes ecosystem.

Helm Operator
The Helm Operator is a Kubernetes operator, allowing one to declaratively manage Helm chart releases.

KEDA
KEDA allows for fine grained autoscaling (including to/from zero) for event driven Kubernetes workloads.

KubeSphere
KubeSphere is a distributed operating system providing cloud native stack with Kubernetes as its kernel, and aims to be plug-and-play architecture for third-party applications seamless integration to boost its ecosystem.

Reloader
Reloader can watch changes in ConfigMap and Secret and do rolling upgrades on Pods with their associated DeploymentConfigs, Deployments, Daemonsets and Statefulsets.

Skaffold
Skaffold is a command line tool that facilitates continuous development for Kubernetes applications.

Spinnaker
Spinnaker is an open-source continuous delivery platform for releasing software changes with high velocity and confidence.


NETWORKING

Calico Networking
Calico is an open source networking and network security solution for containers, virtual machines, and bare-metal workloads.

cert-manager
cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.

CoreDNS
CoreDNS is a fast and flexible DNS server that works on Kubernetes.

ingress-nginx
ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.

Kong for Kubernetes
Configure plugins, health checking, load balancing and more in Kong for Kubernetes Services.

ksniff
A kubectl plugin that utilizes tcpdump and Wireshark to start a remote capture on any pod in your Kubernetes cluster.

kubectl trace
kubectl trace is a kubectl plugin that allows you to schedule the execution of bpftrace programs in your Kubernetes cluster.

kubernetes-ingress
An implementation of an Ingress controller for NGINX and NGINX Plus (commercial).

STORAGE

Longhorn
Longhorn is a distributed block storage system for Kubernetes.

OpenEBS
OpenEBS is the most widely deployed and easy to use open-source storage solution for Kubernetes.

Rook
Rook is an open source cloud-native storage orchestrator for Kubernetes.

Amazon EBS CSI Driver
The Amazon Elastic Block Store Container Storage Interface (CSI) Driver provides a CSI interface used by Container Orchestrators to manage the lifecycle of Amazon EBS volumes.

Amazon EFS CSI Driver
The Amazon Elastic File System Container Storage Interface (CSI) Driver implements the CSI specification for container orchestrators to manage the lifecycle of Amazon EFS filesystems.

Amazon FSx for Lustre CSI Driver
The Amazon FSx for Lustre Container Storage Interface (CSI) Driver implements CSI specification for container orchestrators (CO) to manage lifecycle of Amazon FSx for Lustre filesystems.


TESTING AND TROUBLESHOOTING

Chaos Mesh
Chaos Mesh® is a cloud-native Chaos Engineering platform that orchestrates chaos on Kubernetes environments.

chaoskube
chaoskube periodically kills random pods in your Kubernetes cluster.

Conftest
Conftest helps you write tests against structured configuration data.

Cooper
A configuration file validator for Kubernetes. This is specifically useful with Kubernetes configuration files to enforce best practices, apply policies and compliance requirements.

k6
k6 is a modern load testing tool, building on Load Impact’s years of experience in the load and performance testing industry.

ksniff
A kubectl plugin that utilizes tcpdump and Wireshark to start a remote capture on any pod in your Kubernetes cluster.

Kube DOOM
The next level of chaos engineering is here! Kill pods inside your Kubernetes cluster by shooting them in Doom!

kube-monkey
It randomly deletes Kubernetes (k8s) pods in the cluster encouraging and validating the development of failure-resilient services.

kube-score
kube-score is a tool that performs static code analysis of your Kubernetes object definitions.

Kubectl-debug
kubectl-debug is an out-of-tree solution for troubleshooting running pods, which allows you to run a new container in running pods for debugging purposes.

KubeInvaders
Through KubeInvaders you can stress a Kubernetes cluster in a fun way and check how resilient it is.

Kubetest
Kubetest is a pytest plugin that makes it easier to manage a Kubernetes cluster within your integration tests.

Litmus
Litmus provides tools to orchestrate chaos on Kubernetes to help SREs find weaknesses in their deployments.

popeye
Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations.

PowerfulSeal
PowerfulSeal injects failure into your Kubernetes clusters, so that you can detect problems as early as possible.

BACKUP AND RESTORE

katafygio
katafygio discovers Kubernetes objects (deployments, services, ...), and continuously saves them as yaml files in a git repository.

Velero
Velero (formerly Heptio Ark) gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes.


MONITORING, ALERTS, AND VISUALIZATION

BotKube
BotKube integration with Slack or Mattermost helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on the Kubernetes resources.

Cortex
Cortex provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus.

Goldilocks
This tool creates a vertical pod autoscaler for each deployment in a namespace and then queries them for information.

Grafana
Grafana allows you to query, visualize, alert on and understand your metrics no matter where they are stored.

Kiali
Kiali works with Istio to visualise the service mesh topology.

kube-capacity
This is a simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster.

kube-state-metrics
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.

Kubernetes Dashboard
Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters.

Kubernetes Metrics Server
Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.

Kubernetes Operational View
A tool that aims to provide a common operational picture for multiple Kubernetes clusters.

kubewatch
kubewatch is a Kubernetes watcher that currently publishes notification to available collaboration hubs/notification channels.

Lens
Lens is a useful, attractive, open source user interface (UI) for working with Kubernetes clusters.

Popeye
Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations.

Prometheus
Prometheus, a Cloud Native Computing Foundation project, is a systems and service monitoring system.

Searchlight
Searchlight/Icinga periodically runs various checks on a Kubernetes cluster and sends notifications if it detects an issue.

Sloop
Sloop monitors Kubernetes, recording histories of events and resource state changes and providing visualizations to aid in debugging past events.

Thanos
Thanos is a set of components that can be composed into a highly available metric system with unlimited storage capacity.


SECURITY AND COMPLIANCE

Datree
Automated policy enforcement for Kubernetes configurations.

Falco
Falco is a behavioral activity monitor designed to detect anomalous activity in your applications. You can use Falco to monitor run-time security of your Kubernetes applications and internal components.

Gatekeeper
Policy controller for Kubernetes.

k-rail
k-rail is a workload policy enforcement tool for Kubernetes. It can help you secure a multi tenant cluster with minimal disruption and maximum velocity.

Konstraint
Konstraint is a CLI tool to assist with the creation and management of constraints when using Gatekeeper.

kube-bench
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

kube-hunter
kube-hunter hunts for security weaknesses in Kubernetes clusters.

KubeLinter
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Permission manager
Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBAC management for Kubernetes.

rakkess
kubectl plugin to show an access matrix for server resources.

Kube-Scan
Kube-Scan gives a risk score, from 0 (no risk) to 10 (high risk) for each workload.

Teleport
Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior.

SERVICE MESH

Istio
An open platform to connect, manage, and secure microservices.

Linkerd
Linkerd is a transparent service mesh, designed to make modern applications safe and sane.

Open Service Mesh
Open Service Mesh (OSM) is a lightweight, extensible, Cloud Native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.

AWS App Mesh
A service mesh service offered by AWS that works on AWS infrastructure services such as EKS and Fargate.

Consul
HashiCorp’s service mesh service that is infrastructure agnostic.

NGINX Service Mesh
NGINX Service Mesh (NSM) provides a turnkey, secure, service-to-service solution for container traffic management, with a unified data plane for ingress and egress management in a single configuration.


DEVELOPMENT TOOLS

garden
Garden provides production-like Kubernetes testing environments for integration tests, QA, and development.

ko
ko is a tool for building and deploying Golang applications to Kubernetes.

Konfig
Konfig is a Kubernetes friendly Rails gem. It can load configuration and secrets from both YAML or folders with individual files and present them to your application the same way.

kubevious
Kubevious renders all configurations relevant to the application in one place. That saves a lot of time from operators, eliminating the need for looking up settings and digging within selectors and labels.

kubectl-warp
Kubernetes CLI plugin for syncing and executing local files in Pod on Kubernetes.

kubernix
This project aims to provide single dependency Kubernetes clusters for local testing, experimenting and development purposes.

Makisu
Makisu is a fast and flexible Docker image build tool designed for unprivileged containerized environments such as Mesos or Kubernetes.

Okteto
Okteto accelerates the development workflow of Kubernetes applications.

Telepresence
Telepresence provides fast, realistic local development for Kubernetes microservices.

Tilt
Tilt powers multi-service development and makes sure they behave.

Tye
Tye is a developer tool that makes developing, testing, and deploying microservices and distributed applications easier.

DATA PROCESSING AND MACHINE LEARNING

Kubeflow
Kubeflow is a Cloud Native platform for machine learning based on Google’s internal machine learning pipelines.

Strimzi
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations.

Volcano
Volcano is a batch system built on Kubernetes.


MISCELLANEOUS

Agones
Agones is a library for hosting, running and scaling dedicated game servers on Kubernetes.

AWS Controllers for Kubernetes
AWS Controllers for Kubernetes (ACK) lets you define and use AWS service resources directly from Kubernetes.

AWS Node Termination Handler
A Kubernetes Daemonset to gracefully handle EC2 instance shutdown.

Brigade
Brigade is the tool for creating pipelines for Kubernetes.

Crossplane
Crossplane is an open source Kubernetes add-on that extends any cluster with the ability to provision and manage cloud infrastructure, services, and applications.

Descheduler for Kubernetes
Descheduling pods from nodes based on policies.

Kubecost
Kubecost models give teams visibility into current and historical Kubernetes spend and resource allocation.

KubeEdge
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge.

Kubeless
Kubeless is a Kubernetes-native serverless framework that lets you deploy small bits of code without having to worry about the underlying infrastructure plumbing.

KubePug
A tool to check deprecations before upgrading Kubernetes version.

Shell-operator
Shell-operator is a tool for running event-driven scripts in a Kubernetes cluster.
