kubeaudit
cadvisor
kubeaudit | cadvisor | |
---|---|---|
7 | 44 | |
1,840 | 16,323 | |
2.3% | 1.5% | |
3.8 | 8.0 | |
9 days ago | 6 days ago | |
Go | Go | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kubeaudit
- Looking for Tips on Open Sourcing a kubernetes security tool
-
Interesting tools?
kubeaudit: audit kubernetes or specific manifests for issues https://github.com/shopify/kubeaudit
- kubeaudit
-
Top 6 Kubernetes Security Tools
Here's a link to KubeAudit on Github
-
Introduction to Kubernetes Pentesting
kubeaudit - Audit Kubernetes clusters against common security concerns
-
Kubernetes Security Checklist 2021
Workload configuration should be audited regularly (Kics, Kubeaudit, Kubescape, Conftest, Kubesec, Checkov)
-
2 Widespread Attacks on Your Containerized Environment and 7 Rules to Prevent it.
Kubeaudit
cadvisor
-
List of your reverse proxied services
cAdvisor
-
Need Recommendation: btop like web page for docker
https://github.com/google/cadvisor exports Prometheus metrics, but also offers a simple web-ui for container metrics.
-
Exporters running, just not in prometheus?
version: '3' volumes: prometheus-data: driver: local grafana-data: driver: local services: prometheus: image: prom/prometheus:latest container_name: prometheus ports: - "9090:9090" volumes: - /etc/prometheus:/etc/prometheus - prometheus-data:/prometheus restart: unless-stopped command: - "--config.file=/etc/prometheus/prometheus.yml" grafana: image: grafana/grafana:latest container_name: grafana ports: - "3000:3000" volumes: - grafana-data:/var/lib/grafana restart: unless-stopped node_exporter: image: quay.io/prometheus/node-exporter:latest container_name: node_exporter command: - '--path.rootfs=/host' pid: host restart: unless-stopped volumes: - '/:/host:ro,rslave' cadvisor: # TODO: latest tag is not updated, check latest release https://github.com/google/cadvisor/releases image: gcr.io/cadvisor/cadvisor-arm:v0.47.0 container_name: cadvisor ports: - "8080:8080" network_mode: host volumes: - /:/rootfs:ro - /var/run:/var/run:ro - /sys:/sys:ro - /var/lib/docker/:/var/lib/docker:ro - /dev/disk/:/dev/disk:ro privileged: true restart: unless-stopped depends_on: - redis redis: image: redis:latest container_name: redis ports: - "6379:6379"
-
Prometheus JMX Exporter for Java17
For CPU and memory metrics, you can use cAdvisor to collect container level data.
-
Docker Monitoring Solution?
Perhaps https://github.com/google/cadvisor + prometheus (or influx or whatever else) + grafana?
- How to monitor container exit codes?
-
Building a realtime performance monitoring system with Kafka and Go
We could have used a much more focussed tool like Prometheus or Cadvisor to gather system stats, but that is not the main objective of this article.
-
Can ChatGPT Debug and Fix your Docker and Kubernetes Issues?
Result: Interestingly, the GitHub Issue that talks about cAdvisor and Docker Desktop for Mac for running cAdvisor is still open and not fixed.
-
Looking for an open source monitoring solution that will capture specific process info
If you're running things under systemd, you can enable process accounting and use cAdvisor.
-
How to identify docker containers names? The names do not match those in the CLI after typing "docker ps"
Check this thread if you’re having difficulties, but it might run out of the box these days: https://github.com/google/cadvisor/issues/1846
What are some alternatives?
kubescape - Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
node_exporter - Exporter for machine metrics
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
kube-state-metrics - Add-on agent to generate and expose cluster-level metrics.
kubesec - Security risk analysis for Kubernetes resources
Netdata - The open-source observability platform everyone needs
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Zabbix - Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.
kube-hunter - Hunt for security weaknesses in Kubernetes clusters
Portainer - Making Docker and Kubernetes management easy.
polaris - Shopify’s design system to help us work together to build a great experience for all of our merchants.
prometheus - The Prometheus monitoring system and time series database.