kube-score
skaffold
kube-score | skaffold | |
---|---|---|
8 | 83 | |
2,588 | 14,690 | |
- | 0.4% | |
8.0 | 9.2 | |
23 days ago | 8 days ago | |
Go | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kube-score
- GitHub - zegl/kube-score: Kubernetes object analysis with recommendations for improved reliability and security
-
What should readiness & liveness probe actually check for?
This is taken from: https://github.com/zegl/kube-score/blob/master/README_PROBES.md and I have read the same opinions elsewhere.
-
How do you take care of your manifests?
A developer's workflow should anyway deploy to a real, or close-to-production Kubernetes cluster before opening a merge request with the finished change. That means the developer definitely sees upfront if the manifest is super wrong. Tools like kube-score (which is quite opinionated), kubeval or OPA rules can help in addition to keep things consistent and secure. For such a developer workflow, I recommend Skaffold since it mostly just wraps Docker, kubectl and the templating tool you're using (e.g. kustomize/helm).
- Kube-Score v1.14
- kube-score v1.14 – Kubernetes object analysis with recommendations for improved reliability and security
-
Securing Kubernetes Deployments
apps/v1/Deployment semaphore-demo-ruby-kubernetes 💥 [CRITICAL] Container Resources · semaphore-demo-ruby-kubernetes -> CPU limit is not set Resource limits are recommended to avoid resource DDOS. Set resources.limits.cpu · semaphore-demo-ruby-kubernetes -> Memory limit is not set Resource limits are recommended to avoid resource DDOS. Set resources.limits.memory · semaphore-demo-ruby-kubernetes -> CPU request is not set Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.cpu · semaphore-demo-ruby-kubernetes -> Memory request is not set Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.memory [CRITICAL] Container Image Pull Policy · semaphore-demo-ruby-kubernetes -> ImagePullPolicy is not set to Always It's recommended to always set the ImagePullPolicy to Always, to make sure that the imagePullSecrets are always correct, and to always get the image you want. [CRITICAL] Pod NetworkPolicy · The pod does not have a matching NetworkPolicy Create a NetworkPolicy that targets this pod to control who/what can communicate with this pod. Note, this feature needs to be supported by the CNI implementation used in the Kubernetes cluster to have an effect. [CRITICAL] Pod Probes · Container is missing a readinessProbe A readinessProbe should be used to indicate when the service is ready to receive traffic. Without it, the Pod is risking to receive traffic before it has booted. It's also used during rollouts, and can prevent downtime if a new version of the application is failing. More information: https://github.com/zegl/kube-score/blob/master/README_PROBES.md [CRITICAL] Container Security Context · semaphore-demo-ruby-kubernetes -> Container has no configured security context Set securityContext to run the container in a more secure context. v1/Service semaphore-demo-ruby-kubernetes-lb ✅
-
Top 20 useful k8s tools
Link : https://github.com/zegl/kube-score
skaffold
- Google to Discontinue Skaffold
-
You've just inherited a legacy C++ codebase, now what?
A nice middle ground is using a tool like Google's Skaffold, which provides "Bazel-like" capabilities for composing Docker images and tagging them based on a number of strategies, including file manifests. In my case, I also use build args to explicitly set versions of external dependencies.
While I am in a Typescript environment with this setup at the moment, my personal experience that Skaffold with Docker has a lighter implementation and maintenance overhead than Bazel. (You also get the added benefit of easy deployment and automatic rebuilds.)
I quite liked using Bazel in a small Golang monorepo, but I ran into pain when trying to do things like include third-party pre-compiled binaries in the Docker builds, because of the unusual build rules convention. The advantage of Skaffold is it provides a thin build/tag/deploy/verify layer over Docker and other container types. Might be worth a look!
Kudos to the Google team building it! https://skaffold.dev
-
Simplifying preview environments for everyone
To get a similar experience of preevy up, first we’ll need to split the build and deploy using process or alternatively employ tools that orchestrate build-tag-push-update-sync flow like Skaffold/Tilt.
- Is there a way to hot reload the code running in a container when I edit the codebase in VSCode?
-
Set up docker and kubernetes in ubuntu 22.04
We will be using docker and microk8s from Canonical. For running our software during development, we will be using skaffold which is a great tool developed by Google.
-
one container for a UI and one for express server. For dev would like to docker compose up. Couple questions
To add more context, if you are developing containers in a local dev environment, the minimum you should have is the Google Cloud SDK and Skaffold. The SDK will allow you to programmatically interact with Googleapis e.g. auth, services, resources. Skaffold will allow you to build and deploy to the cloud similar to working with a local dev environment.
-
How do you develop cloud-native applications locally on Kubernetes?
I have used both Skaffold and Devspace. I prefer the latter.
-
Launch HN: Moonrepo (YC W23) – Open-source build system
I wonder if it has some overlap with https://skaffold.dev/.
-
Building a RESTful API With Functions
K3d and Skaffold for local development
-
Does anyone else feel like this?
skaffold.dev - build in k8s - no more asking for the database password. All the plumbing to the backend is just done so it's easier for them to test and demo any branch
What are some alternatives?
polaris - Validation of best practices in your Kubernetes clusters
argo-cd - Declarative Continuous Deployment for Kubernetes
popeye - 👀 A Kubernetes cluster resource sanitizer
devspace - DevSpace - The Fastest Developer Tool for Kubernetes ⚡ Automate your deployment workflow with DevSpace and develop software directly inside Kubernetes.
kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
okteto - Develop your applications directly in your Kubernetes Cluster
datree - Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
telepresence - Local development against a remote Kubernetes or OpenShift cluster
kubeval - Validate your Kubernetes configuration files, supports multiple Kubernetes versions
helm - The Kubernetes Package Manager
polaris - Shopify’s design system to help us work together to build a great experience for all of our merchants.
flux2 - Open and extensible continuous delivery solution for Kubernetes. Powered by GitOps Toolkit.