Skip to content

ianneilsen/k8s-tools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits
README.md
README.md
 
 
aws_eks_scripts
aws_eks_scripts
 
 
best_practices.md
best_practices.md
 
 
cicd_notes_links.md
cicd_notes_links.md
 
 
container_build_options.md
container_build_options.md
 
 
container_registries.md
container_registries.md
 
 
deprecated_apis_tools.md
deprecated_apis_tools.md
 
 
eks_notes_links.md
eks_notes_links.md
 
 
k8s-storage.md
k8s-storage.md
 
 
k8s_Auditing.md
k8s_Auditing.md
 
 
k8s_Container_security.md
k8s_Container_security.md
 
 
k8s_RBAC.md
k8s_RBAC.md
 
 
k8s_eBPF.md
k8s_eBPF.md
 
 
k8s_networking.md
k8s_networking.md
 
 
k8s_observability.md
k8s_observability.md
 
 
k8s_optimizing.md
k8s_optimizing.md
 
 
k8s_pentesting.md
k8s_pentesting.md
 
 
k8s_security_notes_links.md
k8s_security_notes_links.md
 
 
k8s_source_repos.md
k8s_source_repos.md
 
 
kube-proxy.md
kube-proxy.md
 
 
scripts_shortcuts
scripts_shortcuts
 
 
who_to_follow.md
who_to_follow.md
 
 

Repository files navigation

k8s-tools

Reference Links

k8s Security Tooling

  1. Open Policy Agent (OPA): cluster policies :

** https://github.com/open-policy-agent/opa

  1. KubeLinter: yaml linter :

** https://www.redhat.com/en/topics/containers/what-is-kubelinter

  1. Kube-bench - configuration scanner

** https://github.com/aquasecurity/kube-bench

  1. Kube-hunter - Testing tool & pentesting

** https://github.com/aquasecurity/kube-hunter

  1. Terrascan - static code analyzer - compliance & security for terraform/yaml,kustomize,docker

** https://github.com/accurics/terrascan

  1. Falco - pod or node or both

** https://falco.org/

  1. Clair - container static analyzer

** https://github.com/quay/clair

  1. Checkov - scan IaC

** https://www.checkov.io/ ** https://docs.bridgecrew.io/docs/kubernetes-policy-index ** https://www.checkov.io/7.Scan%20Examples/Argo%20Workflows.html

  1. Sandfly security - node security

** https://www.sandflysecurity.com/get-sandfly/

  1. Trivvy - container scanning

** https://github.com/aquasecurity/trivy

  1. snyk io

** https://snyk.io/ ** https://support.snyk.io/hc/en-us/articles/360003946917-Test-images-with-the-Snyk-Container-CLI

  1. anchore

** https://docs.anchore.com/current/

  1. aquasec

** https://www.aquasec.com/

  1. kubei

** https://github.com/Portshift/kubei

  1. Palo Alto twsitcli

** Scan images with twistcli - Palo Alto Networkshttps://docs.paloaltonetworks.com › prisma-cloud › tools

  1. sysdig

** https://sysdig.com/products/secure/

  1. kubesec

** https://github.com/controlplaneio/kubesec/releases

  1. kubehunter - aquasec

** https://github.com/aquasecurity/kube-hunter

  1. kdave

  2. kube-bench - aquasec

** https://github.com/aquasecurity/kube-bench

  1. kubeaudit

  2. Trivy Operator/CRD - vuln scan, audit and reporting to prom or other, argo integration

** https://github.com/aquasecurity/trivy-operator

kustomize

ref link:https://www.openanalytics.eu/blog/2021/02/23/kustomize-best-practices/

kustomize secrets

Multi-Cluster mgt

  1. admiralty
  1. shipper
  1. kubfed
  1. Rancher
  • Rancher
  1. Fleet
  • Fleet is a GitOps-at-scale project designed to facilitate and manage a multi-cluster environment.
  1. Google Anthos
  • Google Anthos is designed to extend the Google Kubernetes engine across hybrid and multi-cluster environments.
  1. Das shift engine
  1. https://rafay.co/ - governance and automation
  2. https://www.paralus.io/ - policy management - access mgt, sso, rbac, auditing, zerotrust just in time accouting
  3. https://blog.kubernauts.io/deploy-k8s-using-k8s-with-cluster-api-and-capa-on-aws-107669808367
  4. CAPI
  5. CAPA

k8s linters

https://github.com/projectatomic/dockerfile_lint

k8s logs

  1. stern/stern formerly known as wercker/stern

About

kubernetes tools

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •