The awesome of Container and Kubernetes

Purpose

This page is created for purpose store relation to helpful articles, make a some reference link when you can check and understand more about K8s (Kubernetes) and awesome things with this orchestration, but also learning and exploring more about worldwide containerization 🔥

Docker & Containerization

Articles

• Medium - Powerful Docker Alternatives in 2024
• AquaSec - Container Engines: How They Work and Top 7 Options
• Blackvoid - Synology, Docker and open source tech blog
• Medium - Deep Dive into Docker Containers | Architecture and Features
• Docker - Alternative container runtimes
• Cloudraft - Most Popular Container Runtimes
• Medium - 11 Open-Source SaaS Killer — Selfhost With Docker
• Medium - 11 Open-Source SaaS Killer — Selfhost With Docker -2
• Medium - 11 Open-Source SaaS Killer — Selfhost With Docker -3
• Dev.to - Comparison of Alpine, Slim, Stretch, Buster, Jessie, and Bullseye Linux Distributions

Awesome Repositories

• awesome-compose : Awesome Docker Compose samples
• awesome-docker : 🐳 A curated list of Docker resources and projects
• awesome-stacks: Deploy 120+ open-source web apps with one Docker command.
• bitnami-containers : Bitnami container images

Development & Implementation

• Ivan Velichko - Implementing Container Runtime Shim: runc
• KodeKloud - 3 Best Ways to Run Docker in Docker Container

General & Documentation

• Docker Documentation
• Podman Documentation
• Rootless Containers: Rootless containers refers to the ability for an unprivileged user to create, run and otherwise manage containers.
• Youtube NetworkChuck - Docker Tutorials Series

Organizations

• AliyunContainerService: Aliyun (Alibaba Cloud) Container Service
• Bitnami: Organization belong of VMWare to contributing docker image. Website
• Collabnix: A Community of 8800+ DevOps Engineers for Learning Containerization
• Containers : Open Repository for Container Tools
• Docker: Docker helps developers bring their ideas to life by conquering the complexity of app development.
• LinuxServer.io: Building and maintaining community images

Tips for configuration

• Medium - Accessing the host’s localhost from inside a Docker container
• Medium - Docker Commands You Never Heard Of!
• Medium - 13 Docker Cost Optimizations You Should Know
• Medium - Docker Beginner to Expert Tutorial

Topics

• CNI GitHub: Collection of GitHub about CNI (Container Network Interface) Topics

Troubleshoot

• Medium - 11 Ways to Troubleshoot Docker Faster

Containerization Registries and Tools

CNI (Container Network Interface)

• calico: Calico is a networking and security solution that enables Kubernetes workloads and non-Kubernetes/legacy workloads to communicate seamlessly and securely.
• cilium : Cilium is an open source, cloud native solution for providing, securing, and observing network connectivity between workloads, fueled by the revolutionary Kernel technology eBPF
• cni : Container Network Interface - networking for Linux containers. Website
• flannel : A network fabric for containers, designed for Kubernetes

Containerization Items

• crane: A tool for interacting with remote images and registries
• dive : A tool for exploring each layer in a docker image
• docker-rollout: Zero Downtime Deployment for Docker Compose
• nginx-proxy: Automated nginx proxy for Docker containers using docker-gen
• trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
• watchtower: A process for automating Docker container base image updates.

Containerization Registry/Compose Collections

• Amazon ECR Public Gallery
• Awesome Docker Compose Examples
• Bitnami Application Catalog
• DockerHub
• Google Artifact Registry Distroless
• LinuxServer : Tutorial Manual
• Microsoft Artifact Registry
• Quay Registry

CRI (Container Runtime Interface)

• containerd : An open and reliable container runtime. Getting started
• cri-dockerd: dockerd as a compliant Container Runtime Interface for Kubernetes (Mirantis OpenSource)
• cri-tools : CLI and validation tools for Kubelet Container Runtime Interface (CRI). User guide
• docker : Docker is one of CRI mostly to used
• kubeletctl: A client for kubelet

OCI (Open Container Initiative)

Info

The OCI currently contains three specifications: the Runtime Specification (runtime-spec), the Image Specification (image-spec) and the Distribution Specification (distribution-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.

Official Website: Link

• buildah : A tool that facilitates building OCI images.
• kaniko: Build Container Images In Kubernetes
• podman : A tool for managing OCI containers and pods.
• runc : CLI tool for spawning and running containers according to the OCI specification

Selfhosted Container Registry

• harbor: An open source trusted cloud native registry project that stores, signs, and scans content
• nixery: Container registry which transparently builds images using the Nix package manager

Useful Container Image

• amazon/aws-cli: Universal Command Line Interface for Amazon Web Services
• docker-android: Android in docker solution with noVNC supported and video recording
• docker: Docker in Docker!
• windows: Windows inside a Docker container.

Kubernetes

Articles

• Medium - 7 Underrated Kubernetes Projects: Elevate Your Lab Playground!
• Medium - Why does my 2vCPU application run faster in a VM than in a container?
• Medium - 11 Kubernetes Deployment Configs You Should Know in 2024
• Medium - Deciphering the Kubernetes Networking Maze: Navigating Load-Balance, BGP, IPVS and Beyond
• Medium - Kubernetes Scheduling: Understanding the Math Behind the Magic
• Medium - Kubernetes Networking: Load Balancing Techniques and Algorithms
• Medium - 15 Best Kubernetes Cost Optimization Tools for 2024
• Azure - Scaling options for applications in Azure Kubernetes Service (AKS)
• Medium - Database in Kubernetes: Is that a good idea?
• Medium - 10 Ways for Kubernetes Declarative Configuration Management
• Medium - 10 Essential Kubernetes Tools You Didn’t Know You Needed
• Medium - Kubernetes — EKS — Upgrade process best practices (on AWS)
• Medium - 7 Best Open Source Storage Solutions for Kubernetes
• Medium - Lightweight CI/CD Solutions for Kubernetes: Going Beyond Keel, Flux, and ArgoCD
• Medium - EKS Cluster Network Architecture for Worker Nodes
• Medium - Why NGINX IngressController Isn’t the Best Choice for Production Workloads
• Internet - Pain(less?) NGINX Ingress
• Medium - Optimize Your Kubernetes Resources with Azure IAM: Managed vs. Workload Identity
• Medium - Bringing Amazon EKS Hybrid Nodes to life with Palette
• Medium - 12 Tools that will make Kubernetes management easier in 2024
• Medium - Why Some Companies are Moving Away from Kubernetes for Development Environments in 2025
• Cast.ai - Custom Kube-Scheduler: Why And How to Set it Up in Kubernetes
• Blog - Installing the NFS CSI Driver on a Kubernetes cluster to allow for dynamic provisioning of Persistent Volumes

Awesome repositories

• awesome-k8s-resources : A curated list of awesome Kubernetes tools and resources.
• awesome-krew-plugin: A list of Plugin which used by kubectl
• awesome-kubernetes : A curated list for awesome kubernetes sources 🚢🎉
• k8s-deployment-strategies : Kubernetes deployment strategies explained. Article
• kubebuilder: Kubebuilder - SDK for building Kubernetes APIs using CRDs
• Kubernetes Cluster API : About cluster API
• Kubernetes/community : Kubernetes community content
• Kubernetes CSI Drivers: The following are a set of CSI driver which can be used with Kubernetes
• Kubernetes/enhancements: Enhancements tracking repo for Kubernetes
• Kubetools: A Curated List of Kubernetes Tools
• Kubernetes Schedule Plugins: Repository for out-of-tree scheduler plugins based on the scheduler framework.
• Kubernetes examples: A series of YAML references with canonical and as-simple-as-possible demonstrations of kubernetes functionality and features.

Certificate & Practice

• certified-kubernetes-administrator-course : Kodecloud Certified Kubernetes Administrator - CKA Course
• certified-kubernetes-security-specialist-cks-course : Kodecloud Notes from the Certified Kubernetes Security Specialist Course on KodeKloud
• killer.sh - Linux Foundation Exam Simulators
• kube4sure - The Kubernetes Exam Simulator
• learnk8s - Kubernetes training for engineer

Development & Implementation

• Medium - Kubernetes: a single AWS Load Balancer for different Kubernetes Ingresses
• Medium - Implementing ROOK Ceph Storage solution on Virtual kubernetes clusters
• Medium - Kubernetes Storage Performance Comparison Rook Ceph and Piraeus Datastore (LINSTOR)
• Medium - 2 Powerful AI and Database Operators to Extend your K8s Cluster
• Medium - Creating a Custom Scheduler in Kubernetes: A Practical Guide
• Medium - VictoriaLogs: an overview, run in Kubernetes, LogsQL, and Grafana
• Medium - Configuring Production-Ready EKS Clusters with Terraform and GitHub Actions
• Medium - eBPF Maps State Synchronization across Multi-Node Kubernetes Cluster
• Medium - GitOps with Kubernetes, Terraform, Gitlab and FluxCD
• Medium - Configure CI/CD pipeline: GitlabCI, ArgoCD, HelmCharts & SOPS

DIYs

• Medium - HomeLab Kubernetes Cluster Setup
• Medium - Kubernetes, but locally.
• Medium - End-to-End DevSecOps and GitOps Implementation with Jenkins, Docker, SonarQube, Trivy, Terraform, ArgoCD, and Amazon EKS

General & Documentation

• Alibaba - Kubernetes CNIs and CNI Plug-ins
• ArmoSecr - etcd in Kubernetes
• AWS - EKS Best Practices Guides
• AWS - Kubernetes concepts for EKS
• AWS - the Kubernetes version lifecycle on EKS
• Azure - Core Kubernetes concepts for Azure Kubernetes Service
• Azure - Supported Kubernetes versions in Azure Kubernetes Service (AKS)
• Densify - Kubernetes Service Discovery
• Dev.io - Basic Guide to Kubernetes Service Discovery
• KodeKloud - Kube-Proxy: What Is It and How It Works
• KodeKloud - Kube-Proxy: What Is It and How It Works
• Kubernetes Blog
• Kubernetes - Container Runtime Interface (CRI)
• Kubernetes - Controllers
• Kubernetes Documentation
• Kubernetes - Extending Kubernetes
• Kubernetes - Ingress Controllers
• Kubernetes - Kubernetes CSI Documentation
• Kubernetes - Scheduler Configuration
• Kubernetes - Scheduling, Preemption and Eviction
• Kubernetes - The Kubernetes API
• Kubewekend Session 3: Basically about Kubernetes architecture
• Medium - Kubernetes Networking in the Simplest Way 🚀
• Medium - Top 10 Kubernetes Pod Concepts That Confuse Beginners
• Ranchers - Container Network Interface (CNI) Providers
• Redhat - Top 10 must-know Kubernetes design patterns

Organizations

• ApeCloud: The community who focus on designing architecture inside Cloud Platform, especially Kubernetes. Author of Kubeblocks
• AppsCode: Kubernetes-native Data Platform
• Carvel: a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. Author of ytt, kapp-controller
• Devtron Inc: Software Delivery Workflow For Kubernetes
• Kubecost: Organization of Kubecost - a monitoring application which provides real-time cost visibility and insights for teams using Kubernetes, helping you continuously reduce your cloud costs
• Kubeflow: An open, community driven project to make it easy to deploy and manage an ML stack on Kubernetes
• Kubernetes CSI: Kubernetes specific Container-Storage-Interface (CSI) components
• Kubernetes: Production-Grade Container Scheduling and Management
• kubernetes-sigs : Org for Kubernetes SIG-related work
• KubeWharf: Developer community legit insane tools for Kubernetes
• Medik8s: Medik8s (pronounced medicates) aims for automatic detection and recovery of unhealthy k8s nodes
• Polyaxon: A platform for reproducible and scalable machine learning and deep learning
• The Helm Project: The package manager for Kubernetes
• VMware Tanzu: Cloud native open source from VMware, almost for Kubernetes, Author of velero

Practicing

• AKS DevSecOps Workshop: Practical exercises to learn about Azure Kubernetes Service
• EKS Workshop - New version: Practical exercises to learn about Amazon Elastic Kubernetes Service
• EKS Workshop - Old Version: Explore multiple ways to configure VPC, ALB, and EC2 Kubernetes workers, and Amazon Elastic Kubernetes Service.

Tips for configuration

• Medium - 24 Kubernetes Masters’ Configurations
• Azure - Best practices for basic scheduler features in Azure Kubernetes Service (AKS)
• Medium - My Top 50 Kubernetes Notes for DevOps Engineers — Detailed Q&A
• Spot - 8 Kubernetes Deployment Strategies: Roll Out Like the Pros
• Medium - GitOps: How to Manage Dynamic Network Policy Changes at Scale Across 25 Clusters?
• AWS EKS Workshop - Configure Cluster Autoscaler (CA)
• GitHub - Cluster Autoscaler on AWS
• Medium - Mastering Horizontal Pod Autoscaling (HPA) in Amazon EKS Using Helm, Terraform, and ArgoCD: A Complete Guide with CI/CD
• AWS - Learn how EKS Pod Identity grants pods access to AWS services
• AWS - IAM roles for service accounts
• Medium - Why AWS EKS Pod Identity is a Better Fit Than IRSA for Your Kubernetes Needs?
• Medium - Simplify Kubernetes Storage: Mounting EFS to EKS Like a Pro
• Medium - The guide to kubectl I never had
• AWS Docs - Grant IAM users access to Kubernetes with EKS access entries
• AWS Blogs - Proactive autoscaling of Kubernetes workloads with KEDA using metrics ingested into Amazon Managed Service for Prometheus
• AWS Blogs - A deep dive into simplified Amazon EKS access management controls
• Kubecost - Monitoring NVIDIA GPU Usage in Kubernetes with Prometheus
• Last9 - How to Monitor Ephemeral Storage Metrics in Kubernetes
• Ingress Nginx Controller - Basic Authentication
• Medium - How to Setup Dynamic NFS Provisioning in a Kubernetes Cluster
• GitHub - Deploying NFS Server in Kubernetes
• Technotim - Mirror your Kubernetes configs, secrets, and resources to other namespaces
• Medium - Running a “stateless” email server in Kubernetes using Mailu
• Medium - Mastering Ingress Strategies for AWS EKS: ALB vs. Istio vs. NGINX

Topics

• Helm
• K8s
• Kubernetes

Troubleshoot

• StackOverFlow - How can I keep a container running on Kubernetes?
• Kubernetes - Debugging Kubernetes nodes with crictl
• Medium - Do Kubernetes Pods Really Get Evicted Due to CPU Pressure?
• StackOverFlow - Why AKS nodes shows less amount of memory as allocatable where its actual memory is still available
• StackOverFlow - Constantly getting Crashloopbackoff error in Kubernetes PODS generally in MongoDB pods
• Suneeta Mall - WTH! Who killed my pod - Whodunit?
• Kubernetes - Validate node setup
• Komodor - Resolving OOMkilled on Kubernetes
• Komodor - Exit Codes in Docker and Kubernetes: The Complete Guide
• Helm - Debugging Helm Templates
• GitHub - WARNING: Kubernetes configuration file is group/world-readable

Kubernetes Tools

API Gateway / Ingress Controller / LB

• AGIC - Application Gateway Ingress Controller: Possible for Azure Kubernetes Service (AKS) customers to leverage Azure’s native Application Gateway L7 load-balancer to expose cloud software to the Internet. Azure Article
• AWS Load Balancer Controller: AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster.
• Gateway API: Gateway API is an official Kubernetes project focused on L4 and L7 routing in Kubernetes
• Ingress-Nginx Controller : Documentation about Nginx ingress which use for delivery IN/OUT traffic for Kubernetes Cluster
• Kong Ingress Controller: Allows you to run Kong Gateway as a Kubernetes Ingress to handle inbound requests for a Kubernetes cluster.
• kube-vip: Provides Kubernetes clusters with a virtual IP and load balancer for both the control plane (for building a highly-available cluster) and Kubernetes Services of type LoadBalancer without relying on any external hardware or software.
• MetalLB: A load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols.
• Nginx Gateway Fabric: Provides an implementation for the Gateway API using NGINX as the data plane.
• Traefik - ApiGateway: A drop-in replacement for Traefik Proxy, it can do everything Traefik Proxy does, with additional capabilities and support out of the box.
• Traefik - Ingress Controller: A Kubernetes Ingress controller; that is to say, it manages access to cluster services by supporting the Ingress specification.

Autoscaling

• Keda: Kubernetes Event-driven Autoscaling
• Kubernetes Autoscaler: Autoscaling components for Kubernetes

Backup

• velero: Backup and migrate Kubernetes applications and their persistent volumes
• trilio: A data protection and backup solution specifically designed for Kubernetes environments

Benchmark

• kube-bench: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

Chaos

• chaos-mesh: A Chaos Engineering Platform for Kubernetes.
• litmus: Chaos Engineering Framework with cross-cloud support.

Cloud Hosted

• eksctl: The official CLI for Amazon EKS. Website

Cluster Management

• Crossplane: An open source Kubernetes extension that transforms your Kubernetes cluster into a universal control plane.
• GlassKube : An open-source Kubernetes package manager that simplifies package management for Kubernetes
• kubeapps: A web-based UI for deploying and managing applications in Kubernetes clusters
• kubeshark: The API traffic analyzer for Kubernetes providing real-time K8s
• lens: Lens - The way the world runs Kubernetes

Configuration Management

• Reloader: A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig

Development Environment

• devspace: The Fastest Developer Tool for Kubernetes

Development Library

• kooper: A simple Go library to create Kubernetes operators and controllers.
• kubebuilder: SDK for building Kubernetes APIs using CRDs

DNS and SSL

• cert-manager: Automatically provision and manage TLS certificates in Kubernetes
• external-dns: Configure external DNS servers

GitOps / Automation Deployment Platforms

• argo-cd :  A declarative, GitOps continuous delivery tool for Kubernetes.
• argo-rollouts: Progressive Delivery for Kubernetes. Maintained by Argo
• flagger: Progressive Delivery Operator for Kubernetes. Maintained by Flux
• fluxcd : Tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy.
• helm: The package manager for Kubernetes
• kargo: A next-generation continuous delivery and application lifecycle orchestration platform for Kubernetes
• kustomize: Customization of kubernetes YAML configurations
• operator-lifecycle-manager: A management framework for extending Kubernetes with Operators
• werf: A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices.

GPU Scheduler

• HAMi: Heterogeneous AI Computing Virtualization Middleware
• NVIDIA GPU Operator: NVIDIA GPU Operator creates, configures, and manages GPUs in Kubernetes. Documentation

Helm Tools Kit

• helm-compose: A helm plugin for managing multiple releases of one or many charts within a single configuration file.
• helm-dashboard: The missing UI for Helm - visualize your releases
• helm-secrets: A helm plugin that help manage secrets with Git workflow and store them anywhere

Identity and access management

• Keycloak: an open-source identity and access management solution for modern applications and services, built on top of industry security standard protocols.

Kubectl Tools Kit

• krew: 📦 Find and install kubectl plugins
• kube-capacity: A simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster
• kubectl-node-shell: Exec into node via kubectl
• kubectl-trace: Schedule bpftrace programs on your kubernetes cluster using the kubectl
• kubectl-tree: kubectl plugin to browse Kubernetes object hierarchies as a tree 🎄
• kubectl-view-allocations: kubectl plugin to list allocations (cpu, memory, gpu,… X utilization, requested, limit, allocatable,…)

Local Kubernetes Self-Hosted

• K0s: k0s is an open source, all-inclusive Kubernetes distribution, which is configured with all of the features needed to build a Kubernetes cluster.
• K3s: Lightweight Kubernetes. Easy to install, half the memory, all in a binary of less than 100 MB.
• Kind : kind is a tool for running local Kubernetes clusters using Docker container “nodes”.
• Kubernetes Goat: An interactive Kubernetes security learning playground
• Kubernetes Official solution : Installing Kubernetes with deployment tools. Such as: kubespray, kubeadm
• MicroK8s: MicroK8s is a low-ops, minimal production Kubernetes.
• minikube : minikube quickly sets up a local Kubernetes cluster on macOS, Linux, and Windows
• Talos Linux : The Kubernetes Operating System
  • cluster-template: A template for deploying a Talos Kubernetes cluster including Flux for GitOps

MLOps

• polyaxon: MLOps Tools For Managing & Orchestrating The Machine Learning LifeCycle

Monitoring

• kube-state-metrics: Add-on agent to generate and expose cluster-level metrics
• metrics-server: Scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
• OpenSLO: Open specification for defining and expressing service level objectives (SLO)
• prometheus-operator: A Kubernetes Operator that provides Kubernetes native deployment and management of Prometheus and related monitoring components.

Operator & Chart

• Artifacthub : Find, install and publish Cloud Native packages for Kubernetes
• Elasticsearch (ECK) Operator, you can figure out configuration via Customize Pods
• Kubeblocks:  an open-source Kubernetes operator for databases (more specifically, for stateful applications, including databases and middleware like message queues), enabling users to run and manage multiple types of databases on Kubernetes.
• kubernetes-reflector: Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates
• MongoDB Community Kubernetes Operator, you can take the look some crd, and configuration with github link like CRD and Samples
• nfs-subdir-external-provisioner: Dynamic sub-dir volume provisioner on a remote NFS server.
• OperatorHub: Home for the Kubernetes community to share Operators
• RabbitMQ-cluster-operator, read more about that via source code
• Strimzi: Strimzi simplifies the process of running Apache Kafka within a Kubernetes cluster

Policy Controller

• Kyverno : Kubernetes Native Policy Management
• OPA Gatekeeper : A customizable cloud native policy controller that helps enforce policies and strengthen governance

Resources Orchestrator

• kro: Kube Resource Orchestrator. Documentation

Secret Management

• external-secrets: External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
• vault-secrets-operator: Create Kubernetes secrets from Vault for a secure GitOps based workflow.

Serverless Hosted

• knative: An Open-Source Enterprise-level solution to build Serverless and Event Driven Applications. Documentation

Service Discovery

• consul:  A multi-networking tool that offers a fully-featured service mesh solution
• coredns: CoreDNS is a DNS server that chains plugin

Service Mesh

• Istio: Service Mesh. Simplified. Easily build cloud native workloads securely and reliably with Istio, with or without sidecars.
• linkerd: A service mesh for Kubernetes. It makes running services easier and safer by giving you runtime debugging, observability, reliability, and security—all without requiring any changes to your code.

Service Proxy

• envoy : Envoy is an L7 proxy and communication bus designed for large modern service oriented architectures
• kube-proxy: The Kubernetes network proxy runs on each node

Storage Platforms

• csi-driver-nfs: This driver allows Kubernetes to access NFS server on Linux node
• Longhorn: Cloud native distributed block storage for Kubernetes
• MinIO: MinIO Object Storage for Kubernetes
• Rook: An open source cloud-native storage orchestrator, providing the platform, framework, and support for Ceph storage to natively integrate with cloud-native environments

Threat Intelligence

• Falco: Detect security threats in real time
• kubescape: Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters
• openappsec: A machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs.
• sysdig: Linux system exploration and troubleshooting tool with first class support for containers
• teleport: The easiest, and most secure way to access and protect all of your infrastructure.
• Tetragon : Cilium Tetragon component enables powerful realtime, eBPF-based Security Observability and Runtime Enforcement.

Utilities

• Instance calculator : Estimate and find the number of max workload can apply for instance
• botkube: An app that helps you monitor your Kubernetes cluster, debug critical deployments & gives recommendations for standard practices
• silver-surfer: Kubernetes objects api-version compatibility checker and provides migration path for K8s objects and prepare it for cluster upgrades

Validation

• kubeconform: A FAST Kubernetes manifests validator, with support for Custom Resources!

Virtualization

• kubevirt: Provides a unified development platform where developers can build, modify, and deploy applications residing in both Application Containers as well as Virtual Machines in a common, shared environment.