Building

Kubernetes

Building

Tool | Description
Skaffold
  • Command line tool that facilitates continuous development for Kubernetes applications
  • Lets you iterate on your application source code locally, then deploy to local or remote Kubernetes clusters
  • It handles the workflow for building, pushing and deploying your application
tekton
  • A Kubernetes-native pipeline resource
  • The Tekton Pipelines project provides Kubernetes-style resources for declaring CI/CD-style pipelines
cosign
k8s-digester
  • Add digests to container and init container images in Kubernetes pod and pod template specs
  • Can be used either as a mutating admission webhook, or as a client-side KRM function with kpt or kustomize

Registries

Tool | Description
quay | Registry: Build, Store, and Distribute your Applications and Containers
distribution | Basis of the container registry that is part of Docker Hub
reg | Docker registry v2 command line client and repo listing generator with security checks
kraken | P2P Docker registry capable of distributing TBs of data in seconds
go-containerregistry
  • Go library and CLIs for working with container registries
  • It also lets you build your own layers and images programmatically
crane | crane is a tool for interacting with remote images and registries
sinker
  • Syncs container images from one registry to another
  • Useful in cases when you rely on images that exist in a public container registry, but need to pull from a private registry
serverless-registry-proxy | Serverless reverse proxy for exposing container registries (GCR, Docker Hub, Artifact Registry etc) on custom domains

Utils

Tool | Description
velero | Backup and migrate Kubernetes applications and their persistent volumes
kube-janitor | Cleans up (deletes) Kubernetes resources after a configured TTL
kube-resource-report | Report Kubernetes cluster and pod resource requests vs usage and generate static HTML
k8s-image-swapper | Mirror images into your own registry and swap image references automatically
outdated | Kubectl plugin to find and report outdated images running in a Kubernetes cluster
eraser | Remove a list of non-running images from all Kubernetes nodes in a cluster
Kubernetes Instance Calculator | Visualize Kubernetes cost calculations in an interactive way
Public Container Images Detector | A collection of tools to statically and dynamically identify public container images that are hosted on Docker Hub
kubectl-cost | CLI for determining the cost of Kubernetes workloads
Dexter | Can be placed into your CI processes to scrape through the repository and find files that contain image references, with the aim of pinning them to the immutable digest
watchtower | A process for automating Docker container base image updates

Monitoring

Tool | Description
kube-state-metrics
kwatch | Monitor and detect crashes in your Kubernetes cluster instantly
kubediff | Show differences between running state and version controlled configuration

Docker

Build Docker Images

Tool | Description
Move Over, Dockerfiles! The New Way to Craft Containers
  • ko (designed specifically for Go applications)
  • Bazel rules_oci
  • Nix dockerTools
  • apko: a build tool from Chainguard designed specifically for creating base images
img | Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder
jib | Build container images for your Java applications
makisu | Docker image building tool, works in unprivileged containerized environments like Mesos and Kubernetes
copilot-cli | Tool to build, release and operate production ready containerized applications on Amazon ECS and AWS Fargate
apko
  • Build OCI images using APK directly without Dockerfile
  • You can also refer to the companion blog post
finch | An open source client for container development, from AWS

Minify Images

Tool | Description
Chainguard Images | Chainguard Images is a collection of container images designed for minimalism and security
distroless
  • Language focused docker images, minus the operating system
  • "Distroless" images contain only your application and its runtime dependencies
  • They do not contain package managers, shells or any other programs
docker-slim
  • Minifies container images by analysing what is actually used at runtime, and throwing away the rest
  • Not a replacement for scratch builds entirely, but a useful stepping-stone towards them
Wolfi | A lightweight GNU software distribution which is designed around minimalism, making it well-suited for containerized environments built with apko

Utils

Tool | Description
hadolint | A smarter Dockerfile linter that helps you build best practice Docker images
amazon-ecr-credential-helper | Automatically gets credentials for Amazon ECR on docker push/docker pull

AWS

Tool | Description
Bottlerocket
  • Linux-based open source operating system designed and optimized specifically for use as a container host
  • Bottlerocket Security Guidance: Recommendations, details, and examples to help you create a configuration that meets your security and compliance requirements
EC2 Image Builder | Build a golden Windows OS image that follows the STIGs compliance guidelines