The Kubenomicon was born of a desire to understand more about Kubernetes from an offensive perspective.
This project was heavily inspired by the Kubernetes Threat Matrix from Microsoft, which is a great starting point because it provides a MITRE ATT&CK-style framework to help understand some of the concepts. The Microsoft Threat Matrix was explicitly not designed to be an offensive playbook for security professionals, and thus it lacks the details necessary to actually exploit (and remediate) each attack in a Kubernetes cluster.
The Fastest Developer Tool for Kubernetes (open-source). Client-Only Developer Tool for Cloud-Native Development with Kubernetes.
⚡ Automate your deployment workflow with DevSpace and develop software directly inside Kubernetes.
DevSpace is an open-source CLI tool that allows you to accelerate your development workflow when building applications on top of Kubernetes. It provides a powerful localhost UI and uses hot reloading to update containers while you are coding.
Wavy is a toolset for running GUI applications on Kubernetes.
Wavy makes it possible to run containerized GUI desktop applications (think VS Code or LibreOffice) on Kubernetes and makes them accessible via the browser or on a display connected to a node. This workflow allows users to run applications in the cloud and access them from any device without needing to install any software. Wavy works by patching Kubernetes workloads that are annotated with wavy.squat.ai/enable=true to include the necessary tools.
Turnkey Kubernetes networking solution.
Kube-router is a turnkey solution for Kubernetes networking that aims to provide operational simplicity. Networking is hard as it is. In a typical Kubernetes cluster you would need to install multiple network components for various functionality. With so many moving parts, Kubernetes networking becomes even harder. Kube-router provides a cohesive yet lean and powerful alternative to several network components you would use. All this from a single DaemonSet/Binary. It doesn't get any easier.
Bird’s-eye view for Kubernetes. Seabird is the native desktop app that simplifies working with Kubernetes. Native Kubernetes desktop client.
Seabird is a native cross-platform Kubernetes desktop client that makes it super easy to explore your cluster's resources. We aim to visualize all common resource types in a simple, bloat-free user interface.
K8s-Sherlock is your open-source investigative tool for diving deep into Kubernetes cluster mysteries. Designed to simplify and expedite debugging processes, it's the essential utility for demystifying complex container orchestration issues.
K8s-Sherlock is an open-source Kubernetes pod designed for debugging and diagnostics. As a swiss-army knife for your Kubernetes cluster, it comes pre-loaded with a host of tools to help you diagnose issues with network, containers, and more. Developed to expedite the troubleshooting process, K8s-Sherlock is your go-to pod for resolving complex orchestration issues.
Infrastructure as Code in Any Programming Language. Open Source Infrastructure as Code. Manage infrastructure, secrets, and configurations intuitively on any cloud. Build infrastructure intuitively on any cloud using familiar languages 🚀.
Pulumi's Infrastructure as Code SDK is the easiest way to build and deploy infrastructure, of any architecture and on any cloud, using programming languages that you already know and love. Code and ship infrastructure faster with your favorite languages and tools, and embed IaC anywhere with Automation API.
A more powerful alternative to kubectx and kubens.
kubie is an alternative to kubectx, kubens and the k on prompt modification script. It offers context switching, namespace switching and prompt modification in a way that makes each shell independent from others. It also has support for split configuration files, meaning it can load Kubernetes contexts from multiple files. You can configure the paths where kubie will look for contexts, see the settings section.
Open-source hyperconverged infrastructure.
The open source hyperconverged infrastructure (HCI) solution for a cloud native world.
Harvester is a modern, open, interoperable, hyperconverged infrastructure (HCI) solution built on Kubernetes. It is an open-source alternative designed for operators seeking a cloud-native HCI solution. Harvester runs on bare metal servers and provides integrated virtualization and distributed storage capabilities. In addition to traditional virtual machines (VMs), Harvester supports containerized environments automatically through integration with Rancher. It offers a solution that unifies legacy virtualized infrastructure while enabling the adoption of containers from core to edge locations.
Sealed Secrets provides declarative Kubernetes Secret management in a secure way. Because Sealed Secrets are encrypted, they can be safely stored in a code repository. This enables an easy-to-implement GitOps flow that is very popular among the OSS community.
Multi-Cluster Kubernetes Orchestration.
KubeAdmiral is a multi-cluster management system for Kubernetes, developed from Kubernetes Federation v2. Kubernetes Federation v2 allows users to manage Kubernetes resources across multiple clusters through the use of federated types such as FederatedDeployment, FederatedReplicaSet, FederatedSecret, etc. KubeAdmiral extends the Kubernetes Federation v2 API, providing compatibility with the Kubernetes native API and more powerful resource management capabilities.
Kubernetes Native Policy Management.
Kyverno is a policy engine designed for Kubernetes.
It can validate, mutate, and generate configurations using admission controls and background scans.
Kyverno policies are Kubernetes resources and do not require learning a new language.
Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.
KubeSkoop is a Kubernetes networking diagnostic tool for different CNI plug-ins and IaaS providers. KubeSkoop automatically constructs the network traffic graph of Pods in the Kubernetes cluster and monitors and analyzes the kernel's critical path using eBPF, to resolve most Kubernetes cluster network problems.
The Kubernetes control plane manager.
An open source control plane manager for unified cluster management. k0smotron allows you to unify your Kubernetes cluster management for an efficient use of resources. It’s designed for k0s.
Efficient and consistent CI/CD with Kubernetes.
A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices.
werf is a CNCF Sandbox CLI tool to implement full-cycle CI/CD to Kubernetes easily. werf integrates into your CI system and leverages familiar and reliable technologies, such as Git, Dockerfile, Helm, and Buildah.
PuzzleFS is a next-generation container filesystem.
PuzzleFS is a container filesystem designed to address the limitations of the existing OCI format. The main goals of the project are reduced duplication, reproducible image builds, direct mounting support and memory safety guarantees, some inspired by the OCIv2 design document.
An open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters.
Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.
Get your resource requests "Just Right".
Goldilocks is a utility that can help you identify a starting point for resource requests and limits.
By using the Kubernetes vertical-pod-autoscaler in recommendation mode, we can see a suggestion for resource requests on each of our apps. This tool creates a VPA for each workload in a namespace and then queries them for information.
Kubernetes-native CI/CD building blocks.
Tekton is a powerful yet flexible Kubernetes-native open source framework for creating continuous integration and delivery (CI/CD) systems. It lets you build, test, and deploy across multiple cloud providers or on-premises systems by abstracting away the underlying implementation details.