11 tools that make Kubernetes better
Few computing platforms—even those of great power and scale—satisfy every need as-is. While Kubernetes is useful out of the box, it’s far from complete. You can always find a use case where the default Kubernetes feature set falls short (database support, for example) or is simply absent (continuous delivery, for example).
That’s where the broader Kubernetes community comes in, with add-ons, extensions, and bonus goodies for the container orchestration framework. Here are 11 of the top Kubernetes companions we’ve found. Some will complement any Kubernetes cluster, while others address specific needs that stock Kubernetes doesn’t address.
The Open Policy Agent project (OPA) provides a way to define policies across cloud-native application stacks, from ingress to service-mesh components to Kubernetes. Gatekeeper provides a Kubernetes-native way to enforce OPA policies on a cluster automatically, and to audit for any existing resources that violate policy. Enforcement is handled by a relatively new Kubernetes mechanism, admission webhooks, which fire when resources are created or changed and can reject the request before it reaches the cluster. With Gatekeeper, OPA policies can be maintained as just another part of your Kubernetes cluster’s declared state, without needing constant babysitting.
If you want to deploy an application into Kubernetes, many apps have Helm charts to guide and automate the process. But what if you want to take a Kubernetes cluster as is and deploy it somewhere else?
Gravity takes snapshots of Kubernetes clusters, their container registries, and their running applications, called “application bundles.” The bundle, which is just a .tar file, can replicate the cluster anywhere Kubernetes runs.
Gravity also ensures that the target infrastructure can support the same behavioral requirements as the source, and that the Kubernetes runtime on the target is up to snuff. The enterprise version of Gravity adds security features including role-based access controls and the ability to synchronize security configurations across multiple cluster deployments.
The latest major version, Gravity 7, can deploy a Gravity image into an existing Kubernetes cluster, versus spinning up an all-new cluster using the image. Gravity 7 can also deploy into clusters that aren’t already running a Gravity-defined image. Plus, Gravity now supports SELinux and integrates natively with the Teleport SSH gateway.
Most container images are built on a system outside of a container stack. Sometimes, though, you want to perform the build process inside a container stack—e.g., within a running container or somewhere on a Kubernetes cluster.
Kaniko performs container builds inside a container environment, but without relying on a container daemon like Docker to do the work. Instead, Kaniko extracts the file system from the base image, then executes all of the build commands in user space atop the extracted file system, taking a snapshot of the file system after each command.
Note that Kaniko currently cannot build Windows containers.
Most Kubernetes administration tools focus on ease of use, monitoring, insight into pod behaviors, and the like. But what about monitoring the costs—as in the dollars and cents—associated with running Kubernetes?
Kubecost uses real-time Kubernetes metrics, and real-world cost information derived from running clusters on the major cloud providers, to provide a dashboard view of the monthly cost of each cluster deployment. Costs for memory, CPU, GPU, and storage are all broken out by Kubernetes component (container, pod, service, deployment, etc.).
Kubecost can also track the costs of “out of cluster” resources, such as Amazon S3 buckets, although this is currently limited to AWS. Cost data can even be shared back to Prometheus, so you can use the data to programmatically alter cluster behavior.
Kubecost is free to use if you only need to keep 15 days of logs. For more advanced features, pricing starts at $199 per month for monitoring 50 nodes.
Databases have always been difficult to run elegantly in Kubernetes. You’ll find Kubernetes operators for the likes of MySQL, PostgreSQL, MongoDB, and Redis, but there are plenty of gaps. And the native Kubernetes feature set doesn’t directly address many of the specific problems with databases.
KubeDB allows you to create your own Kubernetes operators for managing databases. Running backups, cloning, monitoring, snapshotting, and declaratively creating databases are all part of the mix. Note that supported features vary among databases. For instance, clustering is available for PostgreSQL but not MySQL.
One surefire way to stress test a system is to break stuff at random. That’s the theory behind Netflix’s Chaos Monkey, a chaos engineering tool that randomly terminates virtual machines and containers running in production to “encourage” developers to build more resilient systems. Kube-monkey is an implementation of the same basic idea for stress-testing Kubernetes clusters. It works by randomly killing pods in a cluster that you specifically designate, and can be fine-tuned to operate within specific time windows.
Kubernetes exposes external load balancing and routing for a cluster through an API object called Ingress. Amazon Web Services provides its own load balancing services, but doesn’t automatically connect them to Kubernetes Ingress resources. The Kubernetes Ingress Controller for AWS closes that gap.
The Kubernetes Ingress Controller for AWS manages AWS resources for each ingress object in a cluster automatically, creating load balancers for new ingress resources and deleting load balancers for removed ones. It uses AWS CloudFormation to ensure that cluster state remains consistent. It also supports CloudWatch Alarm configurations and auto-manages other elements used in the cluster like SSL certificates and EC2 Auto Scaling Groups.
Kubespray automates the deployment of a production-ready Kubernetes cluster in almost any environment, from bare metal to the major public clouds. It uses Ansible (optionally with Vagrant) to perform the deployment, and creates a highly available cluster with your choice of network plug-in (e.g. Flannel, Calico, or Weave) and your choice among many popular Linux distributions for bare-metal installs.
Skaffold is one of Google’s own tools for Kubernetes, a way to perform continuous deployment for Kubernetes apps. When you make changes to your source code, Skaffold automatically detects them, triggers the build and deploy process, and warns you if any errors surface. Skaffold runs entirely on the client side, so there is little setup or maintenance burden. It can be used in an existing CI/CD pipeline, and integrates with a few external build tools, chiefly Google’s own Bazel.
Teresa is an application deployment system that runs as a simple PaaS on Kubernetes. Users, organized into teams, can deploy and manage applications that belong to them. This makes it a little easier for people who are trusted with a given application to work with it, without having to deal with Kubernetes and all of its complexities.
Developed by Windmill Engineering, Tilt monitors changes to Dockerfiles, then deploys those changes incrementally to the appropriate containers in a Kubernetes cluster. In essence, Tilt allows developers to update a live cluster in real time merely by updating a Dockerfile. Tilt performs the build inside the cluster, so the only changes pushed are source code. You can even snapshot cluster state and error conditions from within Tilt to share with team members for debugging.