kube-bench проверяет, соответствует ли кластер Kubernetes рекомендациям CIS Kubernetes Benchmark

👉 https://github.com/aquasecurity/kube-bench

#kubernetes #security

kube-hunter - сканер уязвимостей для кластеров Kubernetes.

Не запускайте kube-hunter для проверки чужих кластеров Kubernetes (так написано в офф документации 😎)

👉 https://github.com/aquasecurity/kube-hunter

#kubernetes #security

Kubescape проверяет, соответствует ли кластер Kubernetes рекомендациям Kubernetes Hardening Guidance by NSA and CISA

👉 https://github.com/armosec/kubescape

#kubernetes #security

kubectl-ice is a kubectl plugin that allows you to easily view advanced configuration of all containers that are running inside pods to assist in troubleshooting and information gathering

👉 https://github.com/NimbleArchitect/kubectl-ice

#kubernetes #kubectl

zsh-kubectl-prompt - this script displays information about the kubectl current context and namespace in zsh prompt.

👉 https://github.com/superbrothers/zsh-kubectl-prompt

#kubernetes #kubectl #zsh

kubectl-foreach is a kubectl plugin that runs a kubectl command in one or more contexts (clusters) in parallel (similar to GNU parallel/xargs)

👉 https://github.com/ahmetb/kubectl-foreach

#kubernetes #kubectl

kubectl-count uses the dynamic library to find server preferred resources and then leverages the informer mechanism to list and count resources by kind. You can show any kinds counts in kubernetes and group by namespaces.

👉 https://github.com/chenjiandongx/kubectl-count

#kubernetes #kubectl

Kubernetes ConfigMap Reload is a simple binary to trigger a reload when Kubernetes ConfigMaps are updated. It watches mounted volume dirs and notifies the target process that the config map has been changed. It currently only supports sending an HTTP request.

👉 https://github.com/jimmidyson/configmap-reload

It is available as a Docker image at https://hub.docker.com/r/jimmidyson/configmap-reload

#kubernetes

kube-ps1: Kubernetes prompt for bash and zsh

A script that lets you add the current Kubernetes context and namespace configured on kubectl to your Bash/Zsh prompt strings (i.e. the $PS1).

Inspired by several tools used to simplify usage of kubectl.

👉 https://github.com/jonmosco/kube-ps1

#kubernetes #kubectl

Kubeshark is an API Traffic Analyzer for Kubernetes providing real-time, protocol-level visibility into Kubernetes’ internal network, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters.

👉 https://github.com/kubeshark/kubeshark

#kubernetes

KubeStalk discovers Kubernetes and related infrastructure based attack surface from a black-box perspective.

👉 https://github.com/redhuntlabs/kubestalk

#kubernetes #security

kubectl-view-allocations is a kubectl plugin to list allocations (cpu, memory, gpu,... X utilization, requested, limit, allocatable,...)

#kubernetes #plugins