rbac-manager is a Kubernetes operator that simplifies RBAC authorization through declarative custom resources. It manages role bindings and service accounts based on a desired state, which I find much clearer than direct management.
Visit github.com →
Kubeshark is an API traffic analyzer for Kubernetes, providing essential real-time protocol-level visibility for debugging and monitoring network interactions within K8s clusters.
Talos Linux is a dedicated, secure, immutable, and minimal operating system specifically for running Kubernetes nodes. It's API-managed and declarative, eliminating configuration drift and traditional OS overhead like SSH or package managers.
kwatch is a nice little tool I maintain that monitors Kubernetes clusters, detecting app crashes in real-time and sending instant notifications. It's focused on real-time crash detection and change monitoring within K8s.
Kube Downscaler is a pragmatic tool for automatically scaling down Kubernetes deployments and other workloads during off-peak hours, like weekends or nights, to optimize resource usage and costs. I find it useful for non-production environments.
Kilo is a multi-cloud network overlay built on WireGuard, designed for Kubernetes. It creates an encrypted layer 3 network, enabling secure communication for multi-cloud and multi-cluster Kubernetes deployments, even with NAT. This is a solid solution for federated clusters.
I consider the NSA's Kubernetes Hardening Guidance critical. It's an invaluable resource for securing deployments, providing a baseline from the most paranoid perspective to ensure robust protection against sophisticated threats.