Kubernetes Awesome
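Learning
- K3s Chinese documentation
- Get started with K3s
- Single node, embedded etcd
- Kubernetes documentation/concepts
- Learn the basic K8s concepts and use cases
- Then
- Deploy services
- Migrate services running on Docker to k8s
- Use k8s to simplify/optimize existing workflows
- Learn the built-in components; try using and replacing them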
- Ingress - nginx, gateway
- CNI - flannel, calico
- CSI - openbsd, longhorn, nfs
- Network - tinc, n2n, wg, metallb
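- Learn the companion services that improve the experience
- cert-manager, sealed-secret
- helm, kustomize
- Dashboards - dashboard, rancher, lens
- observability - prometheus, vector, fluentbit, jaeger, grafana
- gitops - argocd, fluxcd
- mesh - linkerd, istio
- Learn about operators; deploy and use more services
- operator -> deploy a new service stack by defining YAML - SaaS capability
- Databases, monitoring, logging, visualization, services
- Learn cloud native development; adapt development to take advantage of cloud features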
- consul
- dapr
- spring cloud, spring alibaba
- Service registration, discovery, communication
- Learn new approaches to platform development
- serverless
- faas - fission, openfaas
- baas
- low-code
- sidecar
- References
- kubernetes-api
- Consult it when unsure which fields a YAML has or what a field means
kubectl explain can also be used
by Wener
- wenerme/charts
- Helm charts mirror for China
- https://charts.wener.tech
- wenerme/container-mirror
- Container image mirror for China
registry.cn-hongkong.aliyuncs.com/cmi/
- wenerme/kube-stub-cluster
- Cluster deployment templates - for quickly deploying various services
- Depends on the Helm charts and container image mirror above
- wenerme/ansible-collection-wenerme-alpine
- Ansible Collection for managing Alpine Linux
- Supports deploying and configuring k3s, n2n, tinc, longhorn, and more
- wenerme/alpine-image
- Quickly builds low-level base images
From the bottom layer to the top
- alpine-image
Build images - virtual machines, cloud providers
- ansible-collection-wenerme-alpine
Quickly set up and install k3s
- kube-stub-cluster - depends on charts and container-mirror to quickly deploy a usable cluster
Awesomes
- derailed/popeye
- cluster resource sanitizer
- google/gke-policy-automation
- Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices
- siderolabs/talos
- Linux distribution built for Kubernetes
- kubeboost/hostpath-multihost-provisioner
- CSI Drivers
- kubernetes-sigs/cluster-api
- alexellis/arkade
- kubedex
- devtron-labs/devtron
- Software Delivery Workflow For Kubernetes
- Web UI
- Deployment is based on a modified argo rollout
- oam-dev/kubevela Modern Application Deployment System Based on Kubernetes and OAM
- acorn-io/acorn
- simple application deployment framework for Kubernetes
- k8snetworkplumbingwg/multus-cni CNI meta-plugin for multi-homed pods in Kubernetes
- kubevirt/macvtap-cni
- Validate
- DevOps
- awx
- Kubernetes Basic
- metallb
- cert-manager
- kube-prometheus
- StorageClass
- armosec/kubescape
- testing if Kubernetes is deployed securely
- open-policy-agent/opa
- anchore/syft
- sigstore/cosign
- Tencent/caelus
- gardener/gardener
- LoadBalance
- metallb
- openelb
- PureLB
- kube-vip/kube-vip
- Apache-2.0, Golang
- Network Policies
- Isolation, ingress/egress traffic control
- Orchestrating external resources
- crossplane/crossplane
- Manages infrastructure
- provider alibaba, aws, azure, gcp, rook, helm
- GoogleCloudPlatform/k8s-config-connector
Dashboard/UI
ui | in | web | desktop | cli | extensible |
---|---|---|---|---|---|
TS | ✅ | ||||
portainer | ✅ | ||||
k9s | Golang | ✅ | |||
octant | Golang | ✅ | ✅ | ⭐️⭐️⭐️ | |
kubernetes-dashboard | ✅ | ||||
rancher | Golang | ✅ | ✅ | ||
seabird | Golang+GTK | ✅ |
- Command line/TUI
- k9s
- kdash-rs/kdash
- Desktop/App
lens -> openlens - closed source as of 2024-01-23
- by Mirantis
- headlamp
- Apache-2.0, Golang, TS
- getseabird/seabird
- MPL-2.0, Golang
- kubenav/kubenav
- MIT, Dark, Golang
- Mobile
- portainer
- Originally supported Docker, later added k8s support
- WebUI
- kubernetes/dashboard
- Clean and simple
- Rancher
- OpenShift
- kubeapps
- Can be thought of simply as a Helm WebUI
- web-based UI for deploying and managing applications in Kubernetes clusters
- Commercial/closed source
- lens
- https://infra.app/
- https://aptakube.com/
- No free plan
- goodrain/rainbond
- LGPLv3, Golang
- kubernetes-sigs/kui
- Enhances kubectl
- kubectl kui get pods
- Web UI (Dashboard)
- vmware-tanzu/octant
- Highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
- weaveworks/scope
- Monitoring, visualisation & management for Docker & Kubernetes
- indeedeng/k8dash
- hjacobs/kube-ops-view
- Kubernetes Operational View - read-only system dashboard for multiple K8s clusters
- hjacobs/kube-resource-report
- kube-web-view alternatives
- oslabs-beta/kr8s
- Docker/Kubernetes Visualization Tool
- dnsjia/luban
- Apache-2.0, Go+Vue3+AntD
- eip-work/kuboard-press
Distribution
- Platforms
- openshift - openshift/okd - OpenShift community edition
- by Red Hat
- rancher
- by SUSE
- kubesphere
- by QingCloud
- Edge/Minimal
- k3s-io/k3s
- by Rancher, SUSE
- rancher/k3os
- K3s system image based on Alpine
- Recommended: use Alpine directly and then install k3s
Install k3s on Alpine Linux: apk add k3s
- k0sproject/k0s
- by Team Lens - mirantis
- kubeedge/kubeedge
- CNCF, Huawei
- Local development
- microk8s
- kubernetes-sigs/kind - Kubernetes in Docker
- Apache-2.0, Golang
- rancher/k3d - K3S in Docker
- Installer
- rancher/rke2
- rancher/rke
- rke2 is recommended
- autok3s
- kubeadm
- kubernetes-sigs/kubespray
- ansible based
- kubernetes/kops
- Interesting
- loft-sh/vcluster
- Virtual clusters - maps a cluster onto a namespace
- COSI
- Regular distributions
- scality/metalk8s
- focus on long-term on-prem
- Compatibility/adaptation
- kcp-dev/kcp
- Compatible with the kubectl API
- Used to implement a custom cp
- Not an actual Kubernetes
- More commercially oriented editions
- cloudfoundry/cf-for-k8s
- A platform built on top of k8s
- vmware-tanzu/community-edition
- Tanzu Community Edition
- Inactive
- gravitational/gravity Kubernetes application deployments for restricted, regulated or remote environments
GitOps
- Render/Template
- Helm
- gotpl, sprig
- Kustomize
- jsonnet
- data templating language
- Superset of JSON
- google/go-jsonnet
- Orchestration
- helm
- tanka
- jsonnet
- by Grafana
- Not supported by ArgoCD: https://github.com/argoproj/argo-cd/issues/3124
- Terraform
- argocd
- fleet
- flux
- flux-subsystem-argo/flamingo
- ArgoCD + Flux
- by Weave Works
- helmfile/helmfile
servicemesh
- linkerd
- consul
- openservicemesh/osm
Networking
- projectcontour/contour Kubernetes ingress controller using Envoy proxy
- projectcontour/gimbal ingress load balancing capable of routing traffic to multiple Kubernetes
- voyagermesh/voyager L7/L4 (HAProxy) Ingress Controller
Operator
- operator-framework/operator-lifecycle-manager
- Service
- grafana-operator/grafana-operator
- Grafana, GrafanaDashboard, GrafanaDataSource, GrafanaNotificationChannel
- keycloak/keycloak-operator
- Keycloak, KeycloakRealm, KeycloakUser, KeycloakClient
- minio/operator
- Infra
- PostgreSQL
- zalando/postgres-operator
- MIT, Go
- 🌟 Recommended
- CrunchyData/postgres-operator
- sorintlab/stolon
- Apache-2.0, Go
- 🚧 Stalled
- reactive-tech/kubegres
- Apache-2.0,
- 🚧 Stalled
- ongres/stackgres
- AGPLv3, Java
- openshift/elasticsearch-operator
- Opster/opensearch-k8s-operator
- https://operatorhub.io/
Secret & ConfigMap
- bitnami-labs/sealed-secrets
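- Generates encrypted secrets that cannot be reversed without the controller's key, for storing in the repository; the controller generates the corresponding Secret - asymmetric encryption
- The simplest and most practical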
- external-secrets/external-secrets
- hashicorp vault, aws sm, aws ps, gcp sm
- alibaba cloud kms, Gitlab Project Variables
- banzaicloud/bank-vaults
- hashicorp/vault
- Secret as a Service, Encryption as a Service
- How to integrate it with K8s is an open question
- kubernetes-sigs/secrets-store-csi-driver
- aws, azure, gcp, vault
- jkroepke/helm-secrets
- viaduct-ai/kustomize-sops
- argoproj-labs/argocd-vault-plugin
- argocd + HashiCorp Vault
- Originally developed by IBM
- References
Tools
- kubeops/config-syncer
- Formerly kubed
- Go, Apache-2.0
- reflector
- C#, MIT
Application
- oam-dev/spec Open Application Model
- oam-dev/kubevela
- openkruise/kruise Automate application management
- openpitrix/openpitrix
- Development stopped
Dev
- telepresenceio/telepresence
- solo-io/squash
- goodrain/rainbond
Cloud-native application management platform
- LGPL-3.0, Go
- open-hand/choerodon Multi-Cloud Integrated Platform
- metacontroller/metacontroller
Build
- pivotal/kpack
- Kubernetes Native Container Build Service
Ops
Notify
- bitnami-labs/kubewatch
- Watch k8s events and trigger Handlers
Misc
- vmware-tanzu/sonobuoy diagnostic tool to understand the state of a Kubernetes cluster by running a set of Kubernetes conformance tests
- kvdi/kvdi Kubernetes-native Virtual Desktop Infrastructure
- kris-nova/naml replacing Kubernetes YAML with Go
- cdk8s-team/cdk8s
- ovh/cds Continuous Delivery Service
- Qihoo360/wayne multi-cluster management and publishing platform
- nuclio/nuclio Serverless event and data processing platform
- kyverno/kyverno Kubernetes Native Policy Management
- Grafeas/Grafeas Artifact Metadata API
API Gateway
- luraproject/lura
- builder , proxy generator, aggregator
- client -> lura ->
N*Service
- kubernetes-sigs/service-catalog
- openservicebrokerapi/servicebroker
Conf
- consul
- Caiyeon/goldfish
- UI, discontinued, useful as a reference
- ctripcorp/apollo
- Apache-2.0, Java
- Ctrip
- Configuration management system
Tool
- txn2/kubefwd Bulk port forwarding
- stakater/Reloader
watch changes in ConfigMap and Secrets and do rolling upgrades on Pod
- Restart - deploy one instance cluster-wide
- prometheus-config-reloader
- Calls the reload endpoint - deployed as a sidecar
- quay.io/prometheus-operator/prometheus-config-reloader
- telepresenceio/telepresence Local development against a remote Kubernetes
- jimmidyson/configmap-reload
Install
- easzlab/kubeasz Ansible scripts for installing a K8s cluster
- talos-systems/talos
modern OS for Kubernetes
- MPL-2.0, Go
- secure, immutable, minimal
- System managed through an API - no shell
- mTLS
- KubeOperator/KubeOperator KubeOperator is an open-source lightweight Kubernetes distribution
- kubernetes-sigs/kubespray Deploy a Production Ready Kubernetes Cluster
Client
- https://github.com/kubernetes-client
- https://github.com/topics/k8s-sig-api-machinery
- kubernetes-client/javascript
- @kubernetes/client-node
- 2.3MB, 350KB
npm install @kubernetes/client-node
Security
- kuadrant/authorino Cloud-native AuthN/AuthZ enforcer
Build Controller & Operator
- KubeBuilder
- rancher/wrangler
- kubernetes-sigs/controller-tools
- spotahome/gontroller
- kubernetes/sample-controller
- kudobuilder/kudo
- Kubernetes Universal Declarative Operator