enhancements VS kubeconform

Compare enhancements vs kubeconform and see what are their differences.

kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources! (by yannh)
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
enhancements kubeconform
63 4
3,457 2,267
0.7% -
9.8 6.3
8 days ago 4 months ago
Go Go
Apache License 2.0 Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

enhancements

Posts with mentions or reviews of enhancements. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-07-28.
  • A skeptic's first contact with Kubernetes
    8 projects | news.ycombinator.com | 28 Jul 2024
    The motivation is more the latter, but it's not at all clear the proposed removal of the embedded kustomize will proceed, given the compatibility implications. See discussion at https://github.com/kubernetes/enhancements/issues/4706#issue... and following.
  • Debugging Distroless Images with kubectl and cdebug
    2 projects | dev.to | 31 May 2024
    (I do see there are some proposed enhancements related to profiles that might help here)
  • Design Docs at Google
    3 projects | news.ycombinator.com | 7 May 2024
    Thanks for these links!

    I picked out one at random just to check if my skeptical reaction is fair: https://github.com/kubernetes/enhancements/tree/master/keps/...

    - OK, this is actually a really good and useful doc!

    - However, it's not an up-front design doc, it has clearly been written after the bulk of the work has been done, to explain and justify rolling out a big change. (See the "implementation history" timeline: https://github.com/kubernetes/enhancements/tree/master/keps/...)

    - It looks like the template wasn't very useful; most of the required sections are marked "N/A", and there are comments like The best test for work like this is, more or less, "did it work?"

  • IBM to buy HashiCorp in $6.4B deal
    1 project | news.ycombinator.com | 25 Apr 2024
    > was always told early on that although they supported vault on kubernetes via a helm chart, they did not recommend using it on anything but EC2 instances (because of "security" which never really made sense their reasoning).

    The reasoning is basically that there are some security and isolation guarantees you don't get in Kubernetes that you do get on bare metal or (to a somewhat lesser extent) in VMs.

    In particular for Kubernetes, Vault wants to run as a non-root user and set the IPC_LOCK capability when it starts to prevent its memory from being swapped to disk. While in Docker you can directly enable this by adding capabilities when you launch the container, Kubernetes has an issue because of the way it handles non-root container users specified in a pod manifest, detailed in a (long-dormant) KEP: https://github.com/kubernetes/enhancements/blob/master/keps/... (tl;dr: Kubernetes runs the container process as root, with the specified capabilities added, but then switches it to the non-root UID, which causes the explicitly-added capabilities to be dropped).

    You can work around this by rebuilding the container and setting the capability directly on the binary, but the upstream build of the binary and the one in the container image don't come with that set (because the user should set it at runtime if running the container image directly, and the systemd unit sets it via systemd if running as a systemd service, so there's no need to do that except for working around Kubernetes' ambient-capability issue).

    > It always surprised me how these conversations went. "Well we don't really recommend kubernetes so we won't support (feature)."

  • Exploring cgroups v2 and MemoryQoS With EKS and Bottlerocket
    7 projects | dev.to | 19 Feb 2024
    0 is not the request we've defined. And that makes sense. Memory QoS has been in alpha since Kubernetes 1.22 (August 2021) and according to the KEP data was still in alpha as of 1.27.
  • Jenkins Agents On Kubernetes
    7 projects | dev.to | 4 Sep 2023
    Note: There's actually a Structured Authentication Config established via KEP-3331. It's in v1.28 as a feature flag gated option and removes the limitation of only having one OIDC provider. I may look into doing an article on it, but for now I'll deal with the issue in a manner that should work even with a bit older versions versions of Kubernetes.
  • Isint release cycle becoming a bit crazy with monthly releases and deprecations ?
    2 projects | /r/kubernetes | 11 Jul 2023
    Kubernetes supports a skew policy of n+2 between API server and kubelet. This means if your CP and DP are both on 1.20, you could upgrade your control plane twice (1.20 -> 1.21 -> 1.22) before you need to upgrade your data plane. And when it comes time to upgrade your data plane you can jump from 1.20 to 1.22 to minimize update churn. In the future, this skew will be opened to n+3 https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/3935-oldest-node-newest-control-plane
  • Kubernetes SidecarContainers feature is merged
    7 projects | news.ycombinator.com | 10 Jul 2023
    The KEP (Kubernetes Enhancement Proposal) is linked to in the PR [1]. From the summary:

    > Sidecar containers are a new type of containers that start among the Init containers, run through the lifecycle of the Pod and don’t block pod termination. Kubelet makes a best effort to keep them alive and running while other containers are running.

    [1] https://github.com/kubernetes/enhancements/tree/master/keps/...

  • What's there in K8s 1.27
    1 project | dev.to | 4 Jun 2023
    This is where the new feature of mutable scheduling directives for jobs comes into play. This feature enables the updating of a job's scheduling directives before it begins. Essentially, it allows custom queue controllers to influence pod placement without needing to directly handle the assignment of pods to nodes themselves. To learn more about this check out the Kubernetes Enhancement Proposal 2926.
  • Dependencies between Services
    1 project | /r/kubernetes | 6 Apr 2023
    What your asking is a (vanilla) Kubernetes non-goal, others have mentioned fluxcd and other add ons that provide primitives for dependency aware deployments. The problem space is so large, that it's unreasonable to to address these concerns in Kubernetes itself, instead, make it extensible... Look at this KEP for example: https://github.com/kubernetes/enhancements/issues/753 Sidecar containers have existed, and been named as such since WAY before that KEP's inception, defining what these things should and shouldn't do is largely arbitrary. Aka: your use-case is niche, if you don't like the behavior, use flux or argo, or write something yourself.

kubeconform

Posts with mentions or reviews of kubeconform. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-05.
  • Dealing with Yaml files
    4 projects | /r/kubernetes | 5 Jul 2023
    If you want to validate your resources against the schema of the resources (mind you also crds) you can use kubeconform.
  • [Show] Detecting YAML Issues Early
    3 projects | /r/kubernetes | 25 Oct 2022
    How is it different from https://github.com/yannh/kubeconform?
  • Securing Kubernetes Deployments
    4 projects | dev.to | 8 Nov 2021
    wget https://github.com/yannh/kubeconform/releases/download/v0.4.12/kubeconform-linux-amd64.tar.gz tar xf kubeconform-linux-amd64.tar.gz sudo cp kubeconform /usr/local/bin checkout kubeconform --summary deployment.yml
  • A Deep Dive Into Kubernetes Schema Validation
    7 projects | dev.to | 1 Jun 2021
    Kubeval and kubeconform are command-line tools that were developed with the intent to validate Kubernetes manifests without the requirement of having a running Kubernetes environment. Because kubeconform is based on kubeval, they operate similarly — verification is performed against pre-generated JSON schemas that are created from the OpenAPI specifications (swagger.json) for each particular Kubernetes version. All that remains to run the schema validation tests is to point the tool executable to a single manifest, directory or pattern.

What are some alternatives?

When comparing enhancements and kubeconform you can also consider the following projects:

spark-operator - Kubernetes operator for managing the lifecycle of Apache Spark applications on Kubernetes.

kubeval - Validate your Kubernetes configuration files, supports multiple Kubernetes versions

kubernetes-json-schema - Schemas for every version of every object in every version of Kubernetes

kubernetes-schema-validation - resources for the blog post about Kubernetes schema validation

klipper-lb - Embedded service load balancer in Klipper

kube-score - Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

pixie - Instant Kubernetes-Native Application Observability

connaisseur - An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster

kpt - Automate Kubernetes Configuration Editing

conftest - Write tests against structured configuration data using the Open Policy Agent Rego query language

hyperfine - A command-line benchmarking tool

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Did you konow that Go is
the 4th most popular programming language
based on number of metions?