What is the biggest challenge you/your org faces while running k8s in production?

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/kubernetes

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • OPS - Build and Run Open Source Unikernels
  • lens

    Lens - The way the world runs Kubernetes

    https://k8slens.dev/ solves this exact issue via a feature called Spaces... Long story short, Cluster admin can give specific access to a Kubernetes cluster without sharing the KubeConfig file... You can create specific teams for your "Space" and give different access to each team via role bindings etc... It's pretty neat. Here's a blog that explains this in depth and how to do it... https://medium.com/k8slens/how-to-give-developers-secure-access-to-kubernetes-clusters-c6025f0dd288

  • kube-oidc-proxy

    Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.

    We use Keycloak for this purpose. We deploy an OIDC-proxy to the kube-api (https://github.com/jetstack/kube-oidc-proxy), then use the kubectl plugin 'kubelogin' (aka oidc-login if you use krew - https://github.com/int128/kubelogin). This gives us the ability to have no user secrets in our KUBECONFIG, and to use Keycloak's Active Directory/LDAP user & group federation to control access to clusters. With this, downloading the KUBECONFIG is self-service, and adding users to new clusters is as easy as adding them to a group in AD.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • kubelogin

    kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)

    We use Keycloak for this purpose. We deploy an OIDC-proxy to the kube-api (https://github.com/jetstack/kube-oidc-proxy), then use the kubectl plugin 'kubelogin' (aka oidc-login if you use krew - https://github.com/int128/kubelogin). This gives us the ability to have no user secrets in our KUBECONFIG, and to use Keycloak's Active Directory/LDAP user & group federation to control access to clusters. With this, downloading the KUBECONFIG is self-service, and adding users to new clusters is as easy as adding them to a group in AD.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts