Last year, we provided a list of Kubernetes tools that proved so popular we have decided to curate another list of some useful additions for working with the platform—among which are many tools that we personally use here at Caylent. Check out the original tools list here in case you missed it.

According to a recent survey done by Stackrox, the dominance Kubernetes enjoys in the market continues to be reinforced, with 86% of respondents using it for container orchestration.

And as you can see below, more and more companies are jumping into containerization for their apps. If you’re among them, here are some tools to aid you going forward as Kubernetes continues its rapid growth.

Kubernetes Categories List:

Kube Cluster Deployment Tools

Monitoring Tools

Testing

Security

Helpful CLI Tools

Development Tools

Continuous Integration/ Continuous Delivery Pipeline

Serverless/Function Tools

Service Mesh Tools

Native Service Discovery

Native Visualization & Control



A Kubernetes Operator which automates DaemonSet, StatefulSet, Helm, and Deployment updates. It is a single command use to build whole Keel project binaries, with no dependencies, no custom configuration files, and no lock-in.

Link: https://keel.sh/

A services collection in Kubernetes which makes running production workloads easy. This service enables Kubernetes clusters to monitor performance, enable logging, implement certification management, and allow for the automatic discovery of resources in K8s via public DNS servers. Also for other necessary infrastructure needs.

Link: https://github.com/bitnami/kube-prod-runtime/

Install k3sup and generate a kubeconfig on any local or remote VM in minutes using this tool.

Link: https://github.com/alexellis/k3sup

Monitoring Tools

A basic program that was created to listen to the Kubernetes API server and help generate metrics on the state of the objects. It focuses on the health of the various objects inside a cluster, this includes nodes, pods, and deployment.

Link: https://github.com/kubernetes/kube-state-metrics

Rakess helps you see all the provided Kubernetes cluster access rights. To check a single resource command, use “kubectl auth can-i list deployments,” however it does not provide a complete overview.

Link: https://github.com/corneliusweig/rakkess

Testing

A tool to validate Kubernetes YAML or JSON configuration file. Fulfil this process by running Kubernetes OpenAPI specification which generates a schema used by multiple versions of Kubernetes in validating.

Link: https://github.com/instrumenta/kubeval

A Helm Plugin used in Kubernetes Schemas for validating Charts. You can also select specific Kubernetes versions to validate the charts.

Link: https://github.com/instrumenta/helm-kubeval

BotKube can monitor, debug and run checks on your Kubernetes clusters. Integrate the tool too in various messaging platforms like Slack and Mattermost. Open source and easy to configure.

Link: https://www.botkube.io/

Sonobuoy is a great diagnostic tool for testing conformance, workload debugging, and custom tests to determine the state of your Kubernetes cluster. Tests are done in a non-destructive manner and its diagnostics generate clear, informative reports of your cluster.

Link: https://sonobuoy.io/

Snyk aims to consistently have the means for you to detect and fix vulnerabilities in your containers and applications throughout the Software Development Life Cycle.

Link: https://snyk.io/product/container-vulnerability-management/

Security

Use this program to create a golang executable which imports an AWS SSM parameters service that helps you protect access to your applications, services, and IT resources into Kubernetes as secrets. Further use this golang executable tool can to build a Helm plugin or use it as a kubectl plugin.

Link: https://github.com/xmin-github/kubectl-aws-secrets

Does exactly what it states in the name, a Helm AWS secrets plugin.

Link: https://github.com/xmin-github/helm-aws-secret-plugin

Use Harbor to secure your container image registries with role-based access control. The tool will scan images for vulnerabilities and sign them as trusted.

Link: https://goharbor.io/

A security risk analysis tool for your Kubernetes resources.

Link: https://kubesec.io/

Permission-Manager does exactly what you would think. Developed by SIGHUP, Permission-Manager is an application that enables super easy Role-Based Access Control management for Kubernetes. Create users, assign namespaces/permissions, and distribute Kubeconfig YAML files.

Link: https://github.com/sighupio/permission-manager

A new tool by Octarine which focuses on risk assessment in your Kubernetes workloads, runs as a pod in your clusters, and assesses 30 security settings to create a risk baseline. The tool then analyzes which work in tandem to understand what combinations will decrease your risk levels.

Link: https://www.octarinesec.com/solution-item/kube-scan/

K-rail is for when you need a bit more control in your policy enforcement. There are a variety of easy privilege escalation routes you can take but in a multi-tenant cluster, those features could be dangerous or introduce instability.

Link: https://github.com/cruise-automation/k-rail

Kube2iam provides IAM roles within your pods in Kubernetes, circumventing the standard⁠—and potentially dangerous⁠—system of containers having access to AWS resources using a union of IAM roles.

Kube2iam: https://github.com/jtblin/kube2iam

KIAM shares many similarities in its function to Kube2iam, but you may want to have a look at each one to determine if its use case best suits your needs. You can see a breakdown of the differences and use cases of KIAM and Kube2IAM here.



KIAM: https://github.com/uswitch/kiam

KeyCloak is an Open Source Access and Identity Management tool which adds application authentication and helps secure services with minimum fuss. Removes the need to deal with storing users and authentication users. It is now available out of the box.

Link: https://www.keycloak.org

From the creators of Project Calico, Tigera brings you a suite of network security solutions for your Kubernetes needs with support for multi-cloud and legacy environments using an automated universal security policy that is delivered by code.

Link: https://www.tigera.io/

Whilst still in Beta, this is a repository for Palo Alto’s Kubernetes Security, it contains YAML files to deploy containerized firewalls.

Link: https://github.com/PaloAltoNetworks/Kubernetes

Klum, or, Kubernetes Lazy User Manager, does simple tasks such as create/delete/modify users, issues kubeconfig files and manages roles associated with users.

Link: https://github.com/ibuildthecloud/klum

Secrets OPerationS, or SOPS, is considered one of the best tools for managing your Kubernetes secrets, it works seamlessly with AWS Key Management Service and GCP Key Management Service, plus Pretty Good Privacy (PGP) and Azure Key Vault.

Check out our full article on using SOPS here: Managing Kubernetes Secrets Using Secrets OPerationS

Link: https://github.com/mozilla/sops

StrongDM is a control plane for securing and auditing access to your servers and/or databases. Don’t miss our recent article on how to leverage strongDM to maximise your database security and authentication. Read the full piece here: Identity and Access for Servers and Databases with StrongDM

Link: https://strongdm.com/

Helpful CLI Tools

Krew helps developers to discover useful kubectl plugins and install/manage them for your programs. This tool is similar to APT, DNF or Homebrew.

Link: https://github.com/kubernetes-sigs/krew/

A plugin in for kubectl that makes effective use of Wireshark and tcpdump to start a remote capture of a Kubernetes cluster pod.

Link: https://github.com/eldadru/ksniff

Kube-ps1 is a Zsh plugin, it will help you see which namesake or context you’re pointing out, no commands needed.

Link: https://github.com/jonmosco/kube-ps1

Eksctl is a simple command-line interface tool for creating and managing upgrades of a cluster. Also supports the configuration and use of Custom Amazon Machine Images (AMI), this enables a number of advanced use cases such as using custom AMIs or querying AWS in real-time to ascertain which AMI is necessary.

Link: https://eksctl.io/

If you’re running Kubernetes services on a remote cluster, use Kubefwd to forward it to a local workstation. No modifications needed, if you use kubectl, you already meet the requirements.

Link: https://github.com/txn2/kubefwd

This is more of a helper tool that complements kubectl and your terminal in Kubernetes.

Link: https://github.com/samisalkosuo/kubeterminal

Skaffold is a command-line tool that helps developers for continuous Kubernetes application development. Skaffold is very lightweight and does not require a cluster-side component.

Check out our recent post on using Kubernetes Development in Real-Time with Skaffold here for an in-depth look at the tool.

Link: https://skaffold.dev/

For when you spend most of your time at the command line, Tilt syncs your changes to your cluster for you to see how your iterations affect the whole. As everything spins up, Tilt shows you the status of each resource, browse logs for each, or see it all multiplexed. All updates are done IN container, making it super fast.

Link: https://tilt.dev/

Development Tools

A Helm V3 plugin created to help developers migrate and clean up configuration created in Helm V2 and releases in-place to Helm V3.

Link: https://github.com/helm/helm-2to3

Rook helps you to automate a variety of tasks that are central for a storage administrator such as deployment, bootstrapping, scaling, upgrading, etc. It ensures that whatever storage provider you choose, it runs consistently on Kubernetes.

Link: https://rook.io/

Contour is a Kubernetes ingress controller, it provides the control plane for the Envoy edge and service proxy.

Link: https://projectcontour.io/

This will link you to an in-depth guide on how to develop your own Kubernetes API, giving you an insight into how they’re designed and implemented.

Link: https://book.kubebuilder.io/

Shell Operator helps simplify the creation of Kubernetes operators.

Link: https://github.com/flant/shell-operator

A tool that will help manage your Helm releases.

Link: https://github.com/fluxcd/helm-operator-get-started

Kudo is a toolkit that simplifies building Kubernetes Operators, mainly using YAML. It will provide you with pre-built Operators that you can customize out of the box.

Link: https://kudo.dev/

This tool will generate automatic documentation from Helm charts into a markdown file. This file will contain metadata about your chart, including a table with all your chart’s values and defaults.

Link: https://github.com/norwoodj/helm-docs

Continuous Integration/ Continuous Delivery Pipeline

Rafay is a software tool that can simplify companies or individuals in building in-house platforms, automation frameworks, and app life cycle management. It can also run Kubernetes clusters. Contact us at Caylent here about how to get started personally with Rafay.

Link: https://rafay.co/

Rancher is a complete software platform that easily deploys containerized environments going beyond Kubernetes installers such as Kops and Kubespray. The platform provides a variety of features including infrastructure management, container scheduling/orchestration, monitoring/health-checks/logging, and a powerful role-based access control system.

Link: https://rancher.com/

Made by the same people who brought you Helm. Its goal is to simplify applications built to run on Kubernetes. Using two simple commands, you can begin hacking on container-based applications, without even needing Docker or Kubernetes.

Link: https://draft.sh/

Serverless/Function Tools

Knative is an open-source Kubernetes-based platform that provides a set of building blocks to simplify the use of Kubernetes and Istio for managing and operating Lambda functions.

Link: https://cloud.google.com/knative/

Service Mesh Tools

Kiali helps developers to observe, define, and validate the connections and microservices of an Istio service mesh. It creates visual graph representation of a service mesh topology and provides insight to features such as circuit breakers, request routing, latency, circuit breakers, and more.

Link: https://www.kiali.io/documentation/features/

A universal open-source service mesh and microservices control-panel that can be operated and run natively on both VM environment and Kubernetes. For easy adaptation of every team in an organization.

Link: https://github.com/Kong/kuma

Tenkai is a microservices manager based on Helm Charts. The tool uses a Web GUI interface to bring up repositories from Helm Charts and easily configure and deploy them.

Link: https://github.com/softplan/tenkai

Native Service Discovery

A repository for a plethora of service discovery tools, use Vert.X to discover and register service applications exposed by your microservice applications. Services can also be imported from Kubernetes (plus Docker and Consul).

Link: https://github.com/vert-x3/vertx-service-discovery

Native Visualization & Control

An open-source web-based tool that allows you to visualize your Kubernetes workloads and provides you with real-time updates on your workloads.

Link: https://octant.dev/

Kubernetic provides features such as real-time visualization of the cluster and updates as well as supporting multiple clusters. The tool is designed to help developers with easy and fast deployment of public or private chart recipes.

Link: https://kubernetic.com/



Caylent provides a critical DevOps-as-a-Service function to high growth companies looking for expert support with Kubernetes, cloud security, cloud infrastructure, and CI/CD pipelines. Our managed and consulting services are a more cost-effective option than hiring in-house, and we scale as your team and company grow. Check out some of the use cases, learn how we work with clients, and read more about our DevOps-as-a-Service offering.

References

Kubernetes adoption & market share skyrockets | StackRox · StackRox: Cloud-Native, Container, and Kubernetes Security. StackRox. (2020). Retrieved 27 February 2020, from https://www.stackrox.com/kubernetes-adoption-and-security-trends-and-market-share-for-containers/.