kubefirst
Kyverno
| | kubefirst | Kyverno |
|---|---|---|
| Mentions | 11 | 35 |
| Stars | 1,516 | 5,119 |
| Growth | 4.1% | 1.6% |
| Activity | 9.1 | 9.9 |
| Latest commit | 6 days ago | 5 days ago |
| Language | Go | Go |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kubefirst
- win cool stuff with kubefirst's new video game flappy-kray (oh and we have a new ui too i guess)
this isn't just any typical friday for us though, this is the day that we've been awaiting forever!!! we're excited to announce that not only did we release a new awesome UI for the kubefirst instant gitops platform, and not only is it all still free and installs gitops platforms in minutes, and not only is it an incredible new user experience, but we even let you play our new video game flappy-kray during the cluster provisioning operation.
- Best cross cloud managed Kubernetes that also supports bare metal?
[cofounder alert] Would love for you to consider our kubefirst instant gitops FOSS platforms.
- Fully managed K8S: our platform provisions managed kubernetes clusters in our cloud versions of the platform - or k3d clusters when running the platform locally.
- Support for cross cloud and bare metal: we support aws, civo, vultr*, digitalocean*, and apply our k3d platform to bare metal stories, but our homelabs community is going in some neat new directions for bare metal k8s as well.
- Installation on new machines should be fully automatic: 100% - single command.
- Terraform: all infra (terraform) and app config (argocd) is powered by a gitops repository that we give you, the tf is wired up and automated with atlantis, and your changes to the platform are a pull request away. love most of our tools, but hate a couple and want a bunch more - no problem, start here.
---
stuff you didn't ask for:
- application delivery with argo workflows preintegrated with github or gitlab with self hosted runners
- secrets management, user management, and an oidc provider with hashicorp vault that's automatically configured throughout the platform. vault is our single source of truth for every secret throughout the platform (apps, iac, ci, etc)
- cluster management: management of workload clusters (rancher like) will be released in 2.2 in a few weeks. we have to release our new ui first in 2.1 and that's expected in the next week or two.
---
it seems like with the immediate cross cloud / hybrid needs you have, you may need more out of cluster management than we can offer today, but it's the focus for the next 2 releases. we're an open source free solution that's trying to solve a lot of the problems that you're up against, we have an active community and would love to help support your use case.
- Weekly: Share your EXPLOSIONS thread
nothing blew up accidentally this week, but our team at kubefirst is falling more and more in love with aws-nuke. it's an open source command line tool that lets you basically reset an aws account back to an empty state. if you have an environment where you regularly practice your platform provisioning, you probably know that failed destroys while iterating on orchestration can leave junk behind pretty easily. aws-nuke has been so nice to be able to blow away everything in an aws account - and then we just run terraform in the account to get all our core infra back afterward. nice allowlist filters and dryrun detail work too. check them out.
- container signing and verification using cosign and kyverno
we'll be looking into leveraging this technique at kubefirst - wondering if anyone here has other thoughts on the tech used in this piece or any FOSS alternatives we should be considering for container sig validation? this seems just about as frictionless as the discipline can get - but don't know what other gems might be out there in this space that folks may be flipping over.
- self-built apps: do you like using helm or kustomize to deliver them to kubernetes
at kubefirst we internally love both helm and kustomize. to build our instant oss gitops platforms we use both.
- PSA: short-sha container names? guard your strings or face the eventual wrath of euler's number!!
at kubefirst we build containers a lot - gitops ci pipelines are part of our instant oss platforms. i ran into this issue a few years ago that blew my mind and i haven't been able to reproduce until yesterday.
- How to obtain professional Kubernetes experience?
- Best way to install and use kubernetes for learning
check us out if it sounds neat https://github.com/kubefirst/kubefirst
- A live example project that builds out a kubernetes cluster for you in full in AWS. Definitely needs contributors. At a minimum needs to go multi-cloud to less expensive providers like DigitalOcean.
- How can I learn and apply "skills" like Jira/Kubernetes without being in a professional setting?
Kubernetes: launch a service of your choosing, like Pritunl VPN. Dockerize it, create some helm charts for it, set it up in a CICD pipeline of your choosing. There's also a project called nebulous you might want to check out that aims to demonstrate k8s capabilities with a live env but it's very early stages. If you can do the former task in, say, DigitalOcean, you'll have a good head start. I can send you some additional "homework" you can work on if you'd like as well and the solution to the first task I mentioned just DM me.
Kyverno
- Stop 'k rollout restart deploy' from restarting everything?
Anyway, I haven't checked for sure as I'm away from laptop but it should be possible to use something like Kyverno to block that operation. We had to do similar in the past to hotfix a bug in our CLI tool. I wrote a blog post about it that might give you an idea: https://www.giantswarm.io/blog/restricting-cluster-admin-permissions
- An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Cosign is used for signing containers through a variety of different methods. It has strong integration with other open source tools, such as Kyverno.
- Kyverno
- container signing and verification using cosign and kyverno
cosign: https://docs.sigstore.dev/cosign/overview/ kyverno: https://kyverno.io/
- Introduction to Day 2 Kubernetes
Kyverno - Kubernetes Native Policy Management
- Admission controller to mutate cpu requests?
You could use a policy tool like kyverno or OPA.
- Multi-tenancy with ProjectSveltos
Kyverno is present in the management cluster;
- Did I miss something here, regarding network policies and helm templates? (Slightly ranty)
You do still have to create a policy for every namespace, but don't have to worry about labeling individual pods. We're starting to move to Helm/kustomize for our namespaces to deploy default things like network policies to each one, and we're also starting to use kyverno more, which I think is a little more purpose built for this type of thing than metacontroller is.
- kubernetes provider resources v1 vs non-v1 is it just me or is this dumb?
I knew it was unsupported so about 6 months ago I had started an effort to switch to Kyverno, which is far better and actually supported. The version of Kyverno I was using had a v1beta1 AdmissionController. Fortunately that was in a helm chart so easily caught by pluto before my upgrade.
- Kyverno Policy As Code Using CDK8S
Kyverno is a policy engine designed for Kubernetes. Kyverno policies can validate, mutate, and generate Kubernetes resources plus ensure OCI image supply chain security.
What are some alternatives?
machine-api-operator - Machine API operator
falco - Cloud Native Runtime Security
aks-engine - AKS Engine: legacy tool for Kubernetes on Azure (see status)
gatekeeper - Gatekeeper - Policy Controller for Kubernetes
kratix - Kratix is an open-source framework for building platforms
Kubewarden - Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL) such as Rego. Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.
atlantis - Terraform Pull Request Automation
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
k3d - Little helper to run CNCF's k3s in Docker
k-rail - Kubernetes security tool for policy enforcement
kubicorn - Simple, cloud native infrastructure for Kubernetes.
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.