Interaction

Basic

Tool Description
kubectl See Kubectl page
lazydocker A simple terminal UI for both docker and docker-compose
debug-shell kubectl run -it --rm --restart=Never kube-shell --image=busybox:1.28 -- sh
debug scratch images $ wget -O busybox https://busybox.net/downloads/binaries/1.21.1/busybox-x86_64
$ chmod +x busybox
$ docker cp busybox <container>:/busybox
$ docker exec -ti <container> /busybox sh

Inspection

Tool Description
dive
  • A tool for exploring each layer in a docker image
  • Usage: docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive:latest <args>
dfimage Reverse-engineer a Dockerfile from a Docker image
syft CLI tool and library for generating a Software Bill of Materials from container images and filesystems
octant A web-based, highly extensible platform for developers to better understand the complexity of Kubernetes clusters
lens Standalone Kubernetes IDE (similar to Octant)
kubectl-dig Deep Kubernetes visibility from kubectl
container-diff Tool for analyzing and comparing (diffing) container images
kpexec CLI that runs commands in a container with high privileges
krew Package manager for "kubectl plugins"

Useful Krew Plugins

Name Description
access-matrix Show an access matrix for all resources (rakkess)
debug-shell Create pod with interactive kube-shell
exec-as Like kubectl exec, but offers a user flag
kubectl-images List the container images used in the cluster
kubesec-scan Scan Kubernetes resources with kubesec.io
kubetap Interactively proxy Kubernetes Services
mtail Tail logs from multiple pods matching label selectors
node-admin List nodes and run privileged pod with chroot
open-svc Open the Kubernetes URL(s) for the specified service
pod-shell Display a list of pods to execute a shell in
rbac-lookup Reverse lookup for RBAC
rbac-view A tool to visualize your RBAC permissions
sniff NOT OPSEC SAFE, easily start a remote packet capture
ssh-jump A kubectl plugin to SSH into Kubernetes nodes
sudo Run Kubernetes commands impersonated as group
view-secret Decode secrets
view-serviceaccount-kubeconfig Show a kubeconfig setting to access the apiserver
warp Sync and execute local files in Pod