Chaos Mesh is a cloud-native Chaos Engineering platform that orchestrates chaos on #k8s environments. At the current stage, it has the following components:
- Chaos Operator: the core component for chaos orchestration. Fully open sourced.
- Chaos Dashboard: a visualized panel that shows the impacts of chaos experiments on the online services of the system; under development; curently only supports chaos experiments on TiDB(https://github.com/pingcap/tidb).
https://github.com/pingcap/chaos-mesh
#go
- Chaos Operator: the core component for chaos orchestration. Fully open sourced.
- Chaos Dashboard: a visualized panel that shows the impacts of chaos experiments on the online services of the system; under development; curently only supports chaos experiments on TiDB(https://github.com/pingcap/tidb).
https://github.com/pingcap/chaos-mesh
#go
#k8s #devops #go
Skaffold is a command line tool that facilitates continuous development for Kubernetes applications. You can iterate on your application source code locally then deploy to local or remote Kubernetes clusters. Skaffold handles the workflow for building, pushing and deploying your application. It also provides building blocks and describe customizations for a CI/CD pipeline.
https://github.com/GoogleContainerTools/skaffold
Skaffold is a command line tool that facilitates continuous development for Kubernetes applications. You can iterate on your application source code locally then deploy to local or remote Kubernetes clusters. Skaffold handles the workflow for building, pushing and deploying your application. It also provides building blocks and describe customizations for a CI/CD pipeline.
https://github.com/GoogleContainerTools/skaffold
#k8s #devops #go
arkade (ark for short) provides a clean CLI with strongly-typed flags to install charts and apps to your cluster in one command.
Gone are the days of contending with dozens of README files just to get the right version of #helm and to install a chart with sane defaults.
https://github.com/alexellis/arkade
arkade (ark for short) provides a clean CLI with strongly-typed flags to install charts and apps to your cluster in one command.
Gone are the days of contending with dozens of README files just to get the right version of #helm and to install a chart with sane defaults.
https://github.com/alexellis/arkade
#k8s #devops #go
Local Kubernetes development with no stress.
Tilt helps you develop your microservices locally. Run tilt up to start working on your services in a complete dev environment configured for your team.
Tilt watches your files for edits, automatically builds your container images, and applies any changes to bring your environment up-to-date in real-time. Think
https://github.com/windmilleng/tilt
Local Kubernetes development with no stress.
Tilt helps you develop your microservices locally. Run tilt up to start working on your services in a complete dev environment configured for your team.
Tilt watches your files for edits, automatically builds your container images, and applies any changes to bring your environment up-to-date in real-time. Think
docker build && kubectl apply or docker-compose up.https://github.com/windmilleng/tilt
YouTube
Welcome to Tilt! (Intro + Demo)
Tilt is a dev tool we crafted to keep you in flow when you're iterating on your microservices. Come see what we're about, and how we can help you develop your app locally on Kubernetes with speed and transparency.
Lightweight Kubernetes. Easy to install, half the memory, all in a binary less than 40mb.
Great for:
- Edge
- IoT
- CI
- ARM
- Situations where a PhD in #k8s clusterology is infeasible
https://github.com/rancher/k3s
#go #devops
Great for:
- Edge
- IoT
- CI
- ARM
- Situations where a PhD in #k8s clusterology is infeasible
https://github.com/rancher/k3s
#go #devops
GitHub
GitHub - k3s-io/k3s: Lightweight Kubernetes
Lightweight Kubernetes. Contribute to k3s-io/k3s development by creating an account on GitHub.
Lens - The free, smart desktop application for managing Kubernetes clusters.
What makes Lens special?
- Amazing usability and end user experience
- Real-time cluster state visualization
- Resource utilization charts and trends with history powered by built-in Prometheus
- Terminal access to nodes and containers
- Fully featured role based access control management
- Dashboard access and functionality limited by RBAC
https://github.com/lensapp/lens
#k8s #ts
What makes Lens special?
- Amazing usability and end user experience
- Real-time cluster state visualization
- Resource utilization charts and trends with history powered by built-in Prometheus
- Terminal access to nodes and containers
- Fully featured role based access control management
- Dashboard access and functionality limited by RBAC
https://github.com/lensapp/lens
#k8s #ts
YouTube
Kontena Lens - The Smart Dashboard for Kubernetes
Kontena Lens provides the most sophisticated user interface for managing Kubernetes clusters. It is the only management system you’ll ever need to take control of your clusters. Once you have tried it, there's no going back.
K9s provides a terminal UI to interact with your Kubernetes clusters. The aim of this project is to make it easier to navigate, observe and manage your applications in the wild. K9s continually watches Kubernetes for changes and offers subsequent commands to interact with your observed resources.
https://github.com/derailed/k9s
#go #k8s #devops
https://github.com/derailed/k9s
#go #k8s #devops
Lens is the most powerful IDE for people who need to deal with #k8s clusters on a daily basis. It is a standalone application for MacOS, Windows and Linux operating systems. Ensure your clusters are properly setup and configured. Enjoy increased visibility, real time statistics, log streams and hands-on troubleshooting capabilities. With Lens, you can work with your clusters more easily and fast, radically improving productivity and the speed of business.
https://k8slens.dev/
#ts #devops
https://k8slens.dev/
#ts #devops
fubectl: Reduces repetitive interactions with kubectl, because it's fancy-kubectl!
Can also be used to add the current kubecontext in your prompt.
https://github.com/kubermatic/fubectl
#go #k8s #devops
Can also be used to add the current kubecontext in your prompt.
https://github.com/kubermatic/fubectl
#go #k8s #devops
Gitpod is an open-source #k8s application providing fully-baked, collaborative development environments in your browser - powered by VS Code.
Tightly integrated with GitLab, GitHub, and Bitbucket, Gitpod automatically and continuously prebuilds dev environments for all your branches. As a result, team members can instantly start coding with fresh, ephemeral and fully-compiled dev environments - no matter if you are building a new feature, want to fix a bug or do a code review.
Features:
- Dev environment as code
- Prebuilt dev environments - automatically prepare environments on every Git push
- Professional developer experience in a browser tab (VS Code Extensions, full Linux terminals)
- Integrated Docker build
- GitLab, GitHub, and Bitbucket integration
- Integrated code reviews
- Snapshots - Snapshot any state of your dev environment and let others create clones
- Collaboration - Invite team members to your environments
- Gitpod CLI to automate your experience
https://github.com/gitpod-io/gitpod
#ts #go #devops
Tightly integrated with GitLab, GitHub, and Bitbucket, Gitpod automatically and continuously prebuilds dev environments for all your branches. As a result, team members can instantly start coding with fresh, ephemeral and fully-compiled dev environments - no matter if you are building a new feature, want to fix a bug or do a code review.
Features:
- Dev environment as code
- Prebuilt dev environments - automatically prepare environments on every Git push
- Professional developer experience in a browser tab (VS Code Extensions, full Linux terminals)
- Integrated Docker build
- GitLab, GitHub, and Bitbucket integration
- Integrated code reviews
- Snapshots - Snapshot any state of your dev environment and let others create clones
- Collaboration - Invite team members to your environments
- Gitpod CLI to automate your experience
https://github.com/gitpod-io/gitpod
#ts #go #devops
Litmus helps Kubernetes SREs and developers practice chaos engineering in a Kubernetes native way.
Litmus is a toolset to do cloud-native chaos engineering. Litmus provides tools to orchestrate chaos on #k8s to help SREs find weaknesses in their deployments. SREs use Litmus to run chaos experiments initially in the staging environment and eventually in production to find bugs, vulnerabilities. Fixing the weaknesses leads to increased resilience of the system.
Litmus takes a cloud-native approach to create, manage and monitor chaos. Chaos is orchestrated using the following Kubernetes Custom Resource Definitions (CRDs):
- ChaosEngine: A resource to link a Kubernetes application or Kubernetes node to a ChaosExperiment. ChaosEngine is watched by Litmus' Chaos-Operator which then invokes Chaos-Experiments
- ChaosExperiment: A resource to group the configuration parameters of a chaos experiment. ChaosExperiment CRs are created by the operator when experiments are invoked by ChaosEngine.
- ChaosResult: A resource to hold the results of a chaos-experiment. The Chaos-exporter reads the results and exports the metrics into a configured Prometheus server.
Chaos experiments are hosted on hub.litmuschaos.io. It is a central hub where the application developers or vendors share their chaos experiments so that their users can use them to increase the resilience of the applications in production.
https://github.com/litmuschaos/litmus
#docker #devops #ts #go
Litmus is a toolset to do cloud-native chaos engineering. Litmus provides tools to orchestrate chaos on #k8s to help SREs find weaknesses in their deployments. SREs use Litmus to run chaos experiments initially in the staging environment and eventually in production to find bugs, vulnerabilities. Fixing the weaknesses leads to increased resilience of the system.
Litmus takes a cloud-native approach to create, manage and monitor chaos. Chaos is orchestrated using the following Kubernetes Custom Resource Definitions (CRDs):
- ChaosEngine: A resource to link a Kubernetes application or Kubernetes node to a ChaosExperiment. ChaosEngine is watched by Litmus' Chaos-Operator which then invokes Chaos-Experiments
- ChaosExperiment: A resource to group the configuration parameters of a chaos experiment. ChaosExperiment CRs are created by the operator when experiments are invoked by ChaosEngine.
- ChaosResult: A resource to hold the results of a chaos-experiment. The Chaos-exporter reads the results and exports the metrics into a configured Prometheus server.
Chaos experiments are hosted on hub.litmuschaos.io. It is a central hub where the application developers or vendors share their chaos experiments so that their users can use them to increase the resilience of the applications in production.
https://github.com/litmuschaos/litmus
#docker #devops #ts #go
An event-driven, portable runtime for building microservices on cloud and edge. Any language, any framework, anywhere.
Dapr is a portable, serverless, event-driven runtime that makes it easy for developers to build resilient, stateless and stateful microservices that run on the cloud and edge and embraces the diversity of languages and developer frameworks.
Dapr codifies the best practices for building microservice applications into open, independent, building blocks that enable you to build portable applications with the language and framework of your choice. Each building block is independent and you can use one, some, or all of them in your application.
Dapr injects a side-car (container or process) to each compute unit. The side-car interacts with event triggers and communicates with the compute unit via standard HTTP or gRPC protocols. This enables Dapr to support all existing and future programming languages without requiring you to import frameworks or libraries.
Dapr offers built-in state management, reliable messaging (at least once delivery), triggers and bindings through standard HTTP verbs or gRPC interfaces. This allows you to write stateless, stateful and actor-like services following the same programming paradigm. You can freely choose consistency model, threading model and message delivery patterns.
Dapr runs natively on Kubernetes, as a self hosted binary on your machine, on an IoT device, or as a container that can be injected into any system, in the cloud or on-premises.
Dapr uses pluggable component state stores and message buses such as Redis as well as gRPC to offer a wide range of communication methods, including direct dapr-to-dapr using gRPC and async Pub-Sub with guaranteed delivery and at-least-once semantics.
Features:
- Event-driven Pub-Sub system with pluggable providers and at-least-once semantics
- Input and output bindings with pluggable providers
- State management with pluggable data stores
- Consistent service-to-service discovery and invocation
- Opt-in stateful models: Strong/Eventual consistency, First-write/Last-write wins
- Cross platform virtual actors
- Secrets management to retrieve secrets from secure key vaults
- Rate limiting
- Built-in Observability support
- Runs natively on Kubernetes using a dedicated Operator and CRDs
- Supports all programming languages via HTTP and gRPC
- Multi-Cloud, open components (bindings, pub-sub, state) from Azure, AWS, GCP
- Runs anywhere, as a process or containerized
- Lightweight (58MB binary, 4MB physical memory)
- Runs as a sidecar - removes the need for special SDKs or libraries
- Dedicated CLI - developer friendly experience with easy debugging
- Clients for Java, .NET Core, Go, Javascript, Python, Rust and C++
https://dapr.io/
#devops #go #k8s
Dapr is a portable, serverless, event-driven runtime that makes it easy for developers to build resilient, stateless and stateful microservices that run on the cloud and edge and embraces the diversity of languages and developer frameworks.
Dapr codifies the best practices for building microservice applications into open, independent, building blocks that enable you to build portable applications with the language and framework of your choice. Each building block is independent and you can use one, some, or all of them in your application.
Dapr injects a side-car (container or process) to each compute unit. The side-car interacts with event triggers and communicates with the compute unit via standard HTTP or gRPC protocols. This enables Dapr to support all existing and future programming languages without requiring you to import frameworks or libraries.
Dapr offers built-in state management, reliable messaging (at least once delivery), triggers and bindings through standard HTTP verbs or gRPC interfaces. This allows you to write stateless, stateful and actor-like services following the same programming paradigm. You can freely choose consistency model, threading model and message delivery patterns.
Dapr runs natively on Kubernetes, as a self hosted binary on your machine, on an IoT device, or as a container that can be injected into any system, in the cloud or on-premises.
Dapr uses pluggable component state stores and message buses such as Redis as well as gRPC to offer a wide range of communication methods, including direct dapr-to-dapr using gRPC and async Pub-Sub with guaranteed delivery and at-least-once semantics.
Features:
- Event-driven Pub-Sub system with pluggable providers and at-least-once semantics
- Input and output bindings with pluggable providers
- State management with pluggable data stores
- Consistent service-to-service discovery and invocation
- Opt-in stateful models: Strong/Eventual consistency, First-write/Last-write wins
- Cross platform virtual actors
- Secrets management to retrieve secrets from secure key vaults
- Rate limiting
- Built-in Observability support
- Runs natively on Kubernetes using a dedicated Operator and CRDs
- Supports all programming languages via HTTP and gRPC
- Multi-Cloud, open components (bindings, pub-sub, state) from Azure, AWS, GCP
- Runs anywhere, as a process or containerized
- Lightweight (58MB binary, 4MB physical memory)
- Runs as a sidecar - removes the need for special SDKs or libraries
- Dedicated CLI - developer friendly experience with easy debugging
- Clients for Java, .NET Core, Go, Javascript, Python, Rust and C++
https://dapr.io/
#devops #go #k8s
Gitkube is a tool for building and deploying Docker images on Kubernetes using
After a simple initial setup, users can simply keep git push-ing their repos to build and deploy to Kubernetes automatically.
Features:
- No dependencies except native tooling (git, kubectl)
- Plug and play installation
- Simple public key based authentication
- RBAC ready - Control access to git remotes using RBAC
- Support for namespace based multi-tenancy - Remotes can only deploy to their own namespace
- No assumptions about repository structure
https://github.com/hasura/gitkube
#go #devops #k8s
git push.After a simple initial setup, users can simply keep git push-ing their repos to build and deploy to Kubernetes automatically.
Features:
- No dependencies except native tooling (git, kubectl)
- Plug and play installation
- Simple public key based authentication
- RBAC ready - Control access to git remotes using RBAC
- Support for namespace based multi-tenancy - Remotes can only deploy to their own namespace
- No assumptions about repository structure
https://github.com/hasura/gitkube
#go #devops #k8s
Keel is a tool for automating Kubernetes deployment updates.
kubectl is the new SSH. If you are using it to update production workloads, you are doing it wrong. See examples on how to automate application updates.
Keel runs as a single container, scanning Kubernetes and Helm releases for outdated images. Policies and trigger types are specified in your application deployment files or Helm charts. Single command, no dependencies. No lock-in, no custom configuration files.
Comes with a web interface.
https://github.com/keel-hq/keel
#go #vue #devops #k8s
kubectl is the new SSH. If you are using it to update production workloads, you are doing it wrong. See examples on how to automate application updates.
Keel runs as a single container, scanning Kubernetes and Helm releases for outdated images. Policies and trigger types are specified in your application deployment files or Helm charts. Single command, no dependencies. No lock-in, no custom configuration files.
Comes with a web interface.
https://github.com/keel-hq/keel
#go #vue #devops #k8s
The smallest, fastest Kubernetes.
MicroK8s is a small, fast, single-package Kubernetes for developers, IoT and edge.
Single-package fully conformant lightweight Kubernetes that works on 42 flavours of Linux. Perfect for:
- Developer workstations
- IoT
- Edge
- CI/CD
Why MicroK8s?
- Small. Developers want the smallest K8s for laptop and workstation development. MicroK8s provides a standalone K8s compatible with Azure AKS, Amazon EKS, Google GKE when you run it on Ubuntu.
- Simple. Minimize administration and operations with a single-package install that has no moving parts for simplicity and certainty. All dependencies and batteries included.
- Secure. Updates are available for all security issues and can be applied immediately or scheduled to suit your maintenance cycle.
- Current. MicroK8s tracks upstream and releases beta, RC and final bits the same day as upstream K8s. You can track latest K8s or stick to any release version from 1.10 onwards.
- Comprehensive. MicroK8s includes a curated collection of manifests for common K8s capabilities and services.
https://github.com/ubuntu/microk8s
#python #devops #k8s
MicroK8s is a small, fast, single-package Kubernetes for developers, IoT and edge.
Single-package fully conformant lightweight Kubernetes that works on 42 flavours of Linux. Perfect for:
- Developer workstations
- IoT
- Edge
- CI/CD
Why MicroK8s?
- Small. Developers want the smallest K8s for laptop and workstation development. MicroK8s provides a standalone K8s compatible with Azure AKS, Amazon EKS, Google GKE when you run it on Ubuntu.
- Simple. Minimize administration and operations with a single-package install that has no moving parts for simplicity and certainty. All dependencies and batteries included.
- Secure. Updates are available for all security issues and can be applied immediately or scheduled to suit your maintenance cycle.
- Current. MicroK8s tracks upstream and releases beta, RC and final bits the same day as upstream K8s. You can track latest K8s or stick to any release version from 1.10 onwards.
- Comprehensive. MicroK8s includes a curated collection of manifests for common K8s capabilities and services.
https://github.com/ubuntu/microk8s
#python #devops #k8s
GitHub
GitHub - canonical/microk8s: MicroK8s is a small, fast, single-package Kubernetes for datacenters and the edge.
MicroK8s is a small, fast, single-package Kubernetes for datacenters and the edge. - canonical/microk8s
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov (Чехов).
Checkov is a static code analysis tool for infrastructure-as-code.
It scans cloud infrastructure provisioned using Terraform, Cloudformation, Kubernetes, Serverless or ARM Templates and detects security and compliance misconfigurations.
Features:
- Over 400 built-in policies cover security and compliance best practices for AWS, Azure and Google Cloud.
- Scans Terraform, CloudFormation and Kubernetes, Serverless framework and ARM template files.
- Detects AWS credentials in EC2 Userdata, Lambda environment variables and Terraform providers.
- Evaluates Terraform Provider settings to regulate the creation, management, and updates of IaaS, PaaS or SaaS managed through Terraform.
- Policies support evaluation of variables to their optional default value.
- Supports in-line suppression of accepted risks or false-positives to reduce recurring scan failures. Also supports global skip from using CLI.
- Output currently available as CLI, JSON, JUnit XML and github markdown and link to remediation guides.
https://github.com/bridgecrewio/checkov
#python #devops #k8s
Checkov is a static code analysis tool for infrastructure-as-code.
It scans cloud infrastructure provisioned using Terraform, Cloudformation, Kubernetes, Serverless or ARM Templates and detects security and compliance misconfigurations.
Features:
- Over 400 built-in policies cover security and compliance best practices for AWS, Azure and Google Cloud.
- Scans Terraform, CloudFormation and Kubernetes, Serverless framework and ARM template files.
- Detects AWS credentials in EC2 Userdata, Lambda environment variables and Terraform providers.
- Evaluates Terraform Provider settings to regulate the creation, management, and updates of IaaS, PaaS or SaaS managed through Terraform.
- Policies support evaluation of variables to their optional default value.
- Supports in-line suppression of accepted risks or false-positives to reduce recurring scan failures. Also supports global skip from using CLI.
- Output currently available as CLI, JSON, JUnit XML and github markdown and link to remediation guides.
https://github.com/bridgecrewio/checkov
#python #devops #k8s
k0s - Zero Friction Kubernetes
k0s is an all-inclusive Kubernetes distribution with all the required bells and whistles preconfigured to make building a Kubernetes clusters a matter of just copying an executable to every host and running it.
Key Features:
- Packaged as a single static binary
- Self-hosted, isolated control plane
- Variety of storage backends: etcd, SQLite, MySQL (or any compatible), PostgreSQL
- Elastic control-plane
- Vanilla upstream Kubernetes
- Supports custom container runtimes (containerd is the default)
- Supports custom Container Network Interface (CNI) plugins (calico is the default)
- Supports x86-64 and arm64
Quickstart:
https://github.com/k0sproject/k0s
#k8s #devops #go
k0s is an all-inclusive Kubernetes distribution with all the required bells and whistles preconfigured to make building a Kubernetes clusters a matter of just copying an executable to every host and running it.
Key Features:
- Packaged as a single static binary
- Self-hosted, isolated control plane
- Variety of storage backends: etcd, SQLite, MySQL (or any compatible), PostgreSQL
- Elastic control-plane
- Vanilla upstream Kubernetes
- Supports custom container runtimes (containerd is the default)
- Supports custom Container Network Interface (CNI) plugins (calico is the default)
- Supports x86-64 and arm64
Quickstart:
curl -sSLf get.k0s.sh | sh
k0s server --enable-worker
https://github.com/k0sproject/k0s
#k8s #devops #go
Prevent Kubernetes misconfigurations from reaching production (again 😤 )! Datree is a CLI tool to ensure K8s manifests and Helm charts follow best practices as well as your organization’s policies.
It’s far more effective than manual processes, such as sending an email to a slew of developers, begging them to set various limits, which likely falls on deaf ears because developers are already overwhelmed.
The CLI integration provides a policy enforcement solution for Kubernetes to run automatic checks on every code change for rule violations and misconfigurations. When rule violations are found, Datree produces an alert which guides the developer to fix the issue inside the CI process — or even earlier as a pre-commit hook — while explaining the reason behind the rule.
Right now, there are 30 battle-tested rules for you to choose from.
https://github.com/datreeio/datree
#k8s #devops #go
It’s far more effective than manual processes, such as sending an email to a slew of developers, begging them to set various limits, which likely falls on deaf ears because developers are already overwhelmed.
The CLI integration provides a policy enforcement solution for Kubernetes to run automatic checks on every code change for rule violations and misconfigurations. When rule violations are found, Datree produces an alert which guides the developer to fix the issue inside the CI process — or even earlier as a pre-commit hook — while explaining the reason behind the rule.
Right now, there are 30 battle-tested rules for you to choose from.
https://github.com/datreeio/datree
#k8s #devops #go
Kubegres is a #k8s operator allowing to deploy one or many clusters of postgresql instances and manage databases replication, failover and backup.
Features:
- It can manage one or many clusters of Postgres instances. Each cluster of Postgres instances is created using a YAML of "kind: Kubegres". Each cluster is self-contained and is identified by its unique name and namespace.
- It creates a cluster of PostgreSql servers with Streaming Replication enabled: it creates a Primary PostgreSql pod and a number of Replica PostgreSql pods and replicates primary's database in real-time to Replica pods.
- It manages fail-over: if a Primary PostgreSql crashes, it automatically promotes a Replica PostgreSql as a Primary.
- It has a data backup option allowing to dump PostgreSql data regularly in a given volume.
- It provides a very simple YAML with properties specialised for PostgreSql.
https://github.com/reactive-tech/kubegres
#go #devops
Features:
- It can manage one or many clusters of Postgres instances. Each cluster of Postgres instances is created using a YAML of "kind: Kubegres". Each cluster is self-contained and is identified by its unique name and namespace.
- It creates a cluster of PostgreSql servers with Streaming Replication enabled: it creates a Primary PostgreSql pod and a number of Replica PostgreSql pods and replicates primary's database in real-time to Replica pods.
- It manages fail-over: if a Primary PostgreSql crashes, it automatically promotes a Replica PostgreSql as a Primary.
- It has a data backup option allowing to dump PostgreSql data regularly in a given volume.
- It provides a very simple YAML with properties specialised for PostgreSql.
https://github.com/reactive-tech/kubegres
#go #devops
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
KubeLinter runs sensible default checks, designed to give you useful information about your Kubernetes YAML files and Helm charts. This is to help teams check early and often for security misconfigurations and DevOps best practices. Some common examples of these include running containers as a non-root user, enforcing least privilege, and storing sensitive information only in secrets.
KubeLinter is configurable, so you can enable and disable checks, as well as create your own custom checks, depending on the policies you want to follow within your organization.
When a lint check fails, KubeLinter reports recommendations for how to resolve any potential issues and returns a non-zero exit code.
https://github.com/stackrox/kube-linter
#go #k8s #devops
KubeLinter runs sensible default checks, designed to give you useful information about your Kubernetes YAML files and Helm charts. This is to help teams check early and often for security misconfigurations and DevOps best practices. Some common examples of these include running containers as a non-root user, enforcing least privilege, and storing sensitive information only in secrets.
KubeLinter is configurable, so you can enable and disable checks, as well as create your own custom checks, depending on the policies you want to follow within your organization.
When a lint check fails, KubeLinter reports recommendations for how to resolve any potential issues and returns a non-zero exit code.
https://github.com/stackrox/kube-linter
#go #k8s #devops
👍1