kiosk
klum
Our great sponsors
kiosk | klum | |
---|---|---|
8 | 2 | |
1,065 | 306 | |
0.8% | - | |
0.0 | 0.0 | |
6 months ago | 7 months ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kiosk
-
Multi-tenancy in Kubernetes
Kiosk
-
Dedicated backend resources per client
Have a look at https://github.com/loft-sh/kiosk and maybe the paid version https://loft.sh/
-
Checklist for Platform Engineers
Kubernetes was designed as a single-tenant platform. Sharing clusters, though, offers greater flexibility, simplifies infrastructure, and improves cost-efficiency. Therefore, it makes sense to use a multi-tenant system. To keep tenants separate and prevent compromised tenants from affecting others, you can use role-based access control (RBAC) or namespaces. Tools that assist with multi-tenancy in Kubernetes include kiosk and loft.
-
User management qustion
For simple environments I'm using klum, for bigger environments I'm using OIDC with Keycloak. Beside that kiosk also looks interesting.
-
RBAC for developer self-service?
https://github.com/loft-sh/kiosk (from makers of loft)
- Meet Rich Burroughs - Loft Blog
klum
-
Top 200 Kubernetes Tools for DevOps Engineer Like You
TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. klum - Kubernetes Lazy User Manager Kyverno - Kubernetes Native Policy Management https://kyverno.io kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning kube-bench - CIS Kubernetes Benchmark tool kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes starboard - Kubernetes-native security toolkit Simulator - Kubernetes Security Training Platform - Focussing on security mitigation RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs Chartsec - Helm Chart security scanner kubestriker - Security Auditing tool Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organizationās policies Krane - Kubernetes RBAC static Analysis & visualisation tool Flaco - The Falco Project - Cloud-Native runtime security Clair - Vulnerability Static Analysis for Containers Anchore Cli - Coomand Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CKĀ®
-
User management qustion
For simple environments I'm using klum, for bigger environments I'm using OIDC with Keycloak. Beside that kiosk also looks interesting.
What are some alternatives?
capsule - Multi-tenancy and policy-based framework for Kubernetes.
vcluster - vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
loft - Namespace & Virtual Cluster Manager for Kubernetes - Lightweight Virtual Clusters, Self-Service Provisioning for Engineers and 70% Cost Savings with Sleep Mode
Openshift Origin - Conformance test suite for OpenShift
sandbox-operator - A Kubernetes operator for creating isolated environments
devspace - DevSpace - The Fastest Developer Tool for Kubernetes ā” Automate your deployment workflow with DevSpace and develop software directly inside Kubernetes.
jspolicy - jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Kyverno - Kubernetes Native Policy Management
devspace-plugin-loft - Loft Plugin for DevSpace - adds commands like `devspace create space` or `devspace create vcluster` to DevSpace
firecracker-containerd - firecracker-containerd enables containerd to manage containers as Firecracker microVMs