Tools & frameworks

assess

  • 1. Dekorate

    Dekorate is a collection of Java compile-time generators and decorators for Kubernetes/OpenShift manifests. It makes generating Kubernetes manifests as easy as adding a dependency to the classpath and customizing as simple as setting an annotation or application property.

    Opinion

    Dekorate has some limitations in defining container resources and deployment strategies. We recommend using it with this concern in mind.

    Dekorate Source.

  • 4. Pulumi

    Pulumi automatically provisions and manages your AWS, Azure, Google Cloud Platform, and/or Kubernetes resources, using an infrastructure-as-code approach. Skip the YAML, and use standard language features like loops, functions, classes, and package management that you already know and love.

    Opinion

    We love this tool as we can use our favourite languages, such as TypeScript, to define infrastructure components. However, we haven't evaluated enough whether it would work smoothly in production or across multiple environments.

    Pulumi Source.

  • 14. Istio

    Cloud platforms provide a wealth of benefits for the organizations that use them. However, there’s no denying that adopting the cloud can put strains on DevOps teams. Developers must use microservices to architect for portability, meanwhile operators are managing extremely large hybrid and multi-cloud deployments. Istio lets you connect, secure, control, and observe services.

    Opinion

    It's a group of proxy servers (service mesh) that can observe what's happening with automatic tracing, monitoring, and logging of all your services and control the flow of traffic and API calls between services.

    Istio Source.

  • 15. Jlink

    Jlink is a tool to assemble and optimize a set of Java modules and their dependencies into a custom JRE runtime image.

    Opinion

    It's a tool for creating a JRE bundle, which means you can customize the JRE as your own and optimize its size and performance.

    Cloud Native Build Pack Source.

  • 24. Rio

    Rio is an Application Deployment Engine for Kubernetes that can be layered on top of any standard Kubernetes cluster. Consisting of a few Kubernetes custom resources and a CLI to enhance the user experience, users can easily deploy services to Kubernetes and automatically get continuous delivery, DNS, HTTPS, routing, monitoring, autoscaling, canary deployments, git-triggered builds, and much more. All it takes to get going is an existing Kubernetes cluster and the rio CLI.

    Opinion

    It's an application deployment engine on top of Kubernetes, just like OKD. However, it's currently still in beta. It can manage pipelines with a few CLI commands.

    Rio Source.

adopt

  • 2. cdk8s

    cdk8s is a software development framework for defining Kubernetes applications and reusable abstractions using familiar programming languages and rich object-oriented APIs. cdk8s generates pure Kubernetes YAML.

    Opinion

    cdk8s makes it easier for our developers to work with Kubernetes deployment templates in their favourite languages, such as TypeScript, and speeds up our delivery processes.

    CDK8s Source.

  • 5. Kustomize

    Kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.

    Opinion

    We're using this in production, and it makes it easier for us to manage Kubernetes YAML files for microservices in multiple environments with less logic and good maintainability.

    Kustomize Source.

  • 6. Skaffold

    Skaffold handles the workflow for building, pushing and deploying your Kubernetes application, allowing you to focus on what matters most: writing code.

    Opinion

    We're using this in production to abstract Kubernetes complexity from our developers, provide continuous development on local developer machines, and manage our Kubernetes deployment workflows for multiple environments.

    Skaffold.

  • 7. Helm

    Helm is an open source package manager for Kubernetes. It provides the ability to provide, share, and use software built for Kubernetes. Helm was created in 2015 at Deis, which was later acquired by Microsoft. What is now known as Helm Classic was introduced at the inaugural KubeCon that November. In January 2016, Helm Classic was merged with Google’s Deployment Manager for Kubernetes into the repository that is now the main Helm project. The project currently has more than 30,000 GitHub stars and receives more than 2 million downloads a month from across the globe. In April 2020, Helm hit graduated status within CNCF, joining the ranks of Fluentd, containerd, and others.

    Opinion

    Helm is a good tool for managing and installing Kubernetes infrastructure tools as packages on a Kubernetes cluster with YAML and Go templating. However, our pain point is that if we use it for microservice deployments (not infrastructure tools), it can add additional complex layers such as fragile YAML syntax, unreadable templates, and difficulty extending it to many microservices. Our recommendation is to use Helm for complex infrastructure components only.

    Helm Source.

  • 8. Terraform

    Terraform is an Infrastructure as Code tool to provision and manage any clouds, infrastructures, or services.

    Opinion

    Terraform is a tool that reduces the time needed to provision cloud infrastructure components regardless of cloud provider. Terraform separates the planning and execution phases from each other, meaning that we can check what Terraform will provision before execution.

    Terraform Source.

  • 13. Apache Kafka

    Kafka® is used for building real-time data pipelines and streaming apps. It is horizontally scalable, fault-tolerant, wicked fast, and runs in production in thousands of companies.

    Opinion

    We're using this in production to stream data in real time, gathering data metrics and personal behavior information, processing them with Kafka Streams, and then putting them into centralized logging.

    Apache Kafka Source.

  • 18. Docker

    Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.

    Opinion

    We are using this as the container runtime engine in Kubernetes because of its powerful features and because it makes it easy to manage images on a Kubernetes cluster.

    Docker Source.

  • 21. minikube

    A local Kubernetes cluster on macOS, Linux, and Windows. We proudly focus on helping application developers and new Kubernetes users.

    Opinion

    It's a tool that lets developers manage a Kubernetes cluster on their local machine, deploying containers into minikube by using the minikube context.

    Minikube Source.

  • 22. Jib Plugin

    Jib is a Maven plugin for building Docker and OCI images for your Java applications.

    Opinion

    We're using this plugin for building Java Docker images. It abstracts away the complexity of building Java Docker images and does some optimizations.

    Jib Plugin Source.

hold

  • 3. cdk

    The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure (AWS) in code and provision it through AWS CloudFormation.

    Opinion

    As it is tied to provisioning AWS infrastructure components, we don't recommend using it, in order to avoid vendor lock-in.

    CDK Source.

  • 10. Rancher 2

    Rancher is an open source project that provides a container management platform built for organizations that deploy containers in production. Rancher makes it easy to run Kubernetes everywhere, meet IT requirements, and empower DevOps teams.

    Opinion

    It's a platform for managing multiple Kubernetes clusters through a web-based UI. It makes it easy to create another Kubernetes cluster. However, it does not have core features such as a pipeline, which is one reason we put it on hold.

    Rancher 2 Source.

  • 17. Jenkins

    An open source automation server which enables developers around the world to reliably build, test, and deploy their software.

    Opinion

    It's an orchestration tool for managing pipelines. However, we think this tool is very complex for creating a pipeline job.

    Jenkins Source.

trial

  • 9. Tekton

    The Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Tekton Pipelines are Cloud Native:

    Opinion

    Using Tekton, we can leverage k8s capabilities in our pipelines, such as persistent volumes for pipeline caching, scaling pipeline jobs as k8s pods, easy configuration in k8s-style syntax, and good maintainability.

    Tekton Source.

  • 11. OKD

    OKD is the Origin community distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. OKD adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams.

    Opinion

    It's a platform that lets you manage a cluster on top of Kubernetes. You can also manage pipelines and deployments with just a few clicks.

    OKD Source.

  • 12. Kubeless

    Kubeless is a Kubernetes-native serverless framework that lets you deploy small bits of code (functions) without having to worry about the underlying infrastructure. It is designed to be deployed on top of a Kubernetes cluster and take advantage of all the great Kubernetes primitives. If you are looking for an open source serverless solution that clones what you can find on AWS Lambda, Azure Functions, and Google Cloud Functions, Kubeless is for you!

    Opinion

    It is designed to be deployed on top of a Kubernetes cluster, which means you don't have to worry about the underlying infrastructure. We can create a function as code followed by the runtime.

    Kubeless Source.

  • 16. Cloud Native Build Pack

    A buildpack is something you’ve probably leveraged without knowing, as they’re currently being used in many cloud platforms. A buildpack’s job is to gather everything your app needs to build and run, and it often does this job quickly and quietly. That said, while buildpacks are often a behind-the-scenes detail, they are at the heart of transforming your source code into a runnable app image.

    Opinion

    It's a tool for transforming your source code into a runnable app image with predefined scripts, without knowledge of Docker. However, the generated runnable app image is huge and vulnerable, so we recommend using it with this concern in mind.

    Cloud Native Build Pack Source.

  • 19. Containerd

    An industry-standard container runtime with an emphasis on simplicity, robustness, and portability.

    Opinion

    We will try this one to improve the performance of our Kubernetes cluster because it's more lightweight than Docker and very fast.

    ContainerD Source.

  • 20. k3s

    K3s is a highly available, certified Kubernetes distribution designed for production workloads in unattended, resource-constrained, remote locations or inside IoT and so on.

    Opinion

    It's a lightweight Kubernetes cluster engine for developing applications in a local cluster. It's lightweight and consumes fewer resources than minikube, which means you can develop multiple applications at the same time.

    K3s Source.

  • 23. k1s

    k1s: The world's simplest Kubernetes dashboard. A minimalistic Kubernetes dashboard allowing you to observe Kubernetes resources of any type in any namespace (or across all namespaces) in real-time. It's implemented as a Bash script with 50 lines of code.

    Opinion

    It's a small dashboard implemented as a Bash script, which means it's a lightweight, real-time dashboard for monitoring a Kubernetes cluster.

    k1s Source.

Monitoring tools

adopt

  • 25. Weave Scope

    Weave Scope automatically generates an object graph of your Kubernetes applications, enabling you to intuitively understand, monitor, and control your Kubernetes, microservices-based applications.

    Opinion

    As we're working on microservices, Weave Scope helps our team visualize Kubernetes applications in our cluster and their dependencies, traffic flows, and CPU and memory usage. It makes it easy to identify and correct issues to ensure the stability and performance of our Kubernetes applications.

    Weave Scope Source.

  • 26. K9s

    K9s provides a terminal UI to interact with your Kubernetes clusters. The aim of this project is to make it easier to navigate, observe and manage your applications in the wild. K9s continually watches Kubernetes for changes and offers subsequent commands to interact with your observed resources.

    Opinion

    K9s is a powerful monitoring tool for managing Kubernetes clusters with a terminal UI, without the need to use the kubectl command. It makes it easy to navigate, observe, and manage our Kubernetes applications.

    K9s Source.

  • 28. Grafana

    Grafana has a pluggable data source model and comes bundled with rich support for many of the most popular time series databases like Graphite, Prometheus, Elasticsearch, OpenTSDB and InfluxDB. It also has built-in support for cloud monitoring vendors like Google Stackdriver, Amazon Cloudwatch, Microsoft Azure and SQL databases like MySQL and Postgres. Grafana is the only tool that can combine data from so many places into a single dashboard.

    Opinion

    We use Grafana tools for visualizing data from metrics. It's easy to use and to modify the UI as you want.

    Grafana Source.

  • 29. Prometheus

    Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community. It is now a standalone open source project and maintained independently of any company.

    Opinion

    We use Prometheus tools for gathering metrics, which are then fed into Grafana for visualizing data.

    Prometheus Source.

hold

  • 27. Lens

    Lens is the only IDE you’ll ever need to take control of your Kubernetes clusters. It is a standalone application for MacOS, Windows and Linux operating systems. It is open source and free.

    Opinion

    Given our engineering nature, we prefer to use a command line / terminal UI rather than a standalone (GUI-based) application, as it improves our productivity more and saves us time.

    Lens Source.

  • 30. Kubernetes Dashboard

    Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot your containerized application, and manage the cluster resources.

    Opinion

    We don't like UI. It's a dashboard that looks complex and difficult for managing a Kubernetes cluster.

    Kubernetes Dashboard Source.

Security

adopt

  • 31. Certificate Manager

    cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry. It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects e.g. kube-cert-manager.

    Opinion

    Certificate Manager is a good tool to generate and sign Let's Encrypt certificates, like CertBot, but for Kubernetes Ingress resources. It's easy to generate and sign certificates with only a few annotations on Ingress resources.

    Certificate Manager Source.

  • 32. HashiCorp Vault

    Manage Secrets and Protect Sensitive Data. Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

    Opinion

    We are using this for keeping the sensitive data of our configuration. It can control access by using tokens and specific paths per environment.

    HashiCorp Vault Source.

  • 33. AWS Secrets Manager

    AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.

    Opinion

    It's like HashiCorp Vault. However, it's managed by AWS as SaaS (Software as a Service). It's a secrets management service that helps you protect credentials access for your applications, services, and IT resources.

    AWS Secrets Manager Source.

Techniques

adopt

  • 34. Distroless Image

    "Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.

    Opinion

    It's a powerful technique that helps us improve the size and performance of container images. By default, an image does not contain a shell; it includes just the main application and its runtime dependencies. That means it cuts out what is unnecessary for your app, which is a best practice employed by Google.

    Distroless Image Source.