33 مستودعات
Filtering mechanisms that use container labels to determine management scope.
Distinguishing note: Focuses on label-based scoping for container management operations.
Explore 33 awesome GitHub repositories matching devops & infrastructure · Label-Based Selection. Refine with filters or upvote what's useful.
Watchtower is a container-based solution designed to automate the lifecycle management of Docker applications. It functions as a background service that monitors running containers, detects when new base image versions are available in registries, and automatically redeploys the containers to ensure they remain synchronized with the latest builds. The project distinguishes itself through its ability to orchestrate complex deployment workflows and maintain service availability during updates. It interacts directly with the container runtime to manage service dependencies and restart sequences,
Restricts management operations to specific containers marked with defined labels.
Chaos Monkey is a chaos engineering tool designed to verify the resilience of distributed systems by intentionally terminating production instances. It functions as a fault injection service that identifies weaknesses in cloud-based architectures by simulating real-world hardware and software outages. The platform operates through a centralized orchestration engine that executes periodic disruption cycles based on predefined configuration rules. It employs a rule-based selection process that evaluates instance metadata against safety constraints to ensure that only eligible targets are disrup
Evaluates instance metadata against safety constraints to identify eligible infrastructure components for disruption.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Filters rule definitions using namespace and label selectors to control monitoring scope and access.
PHP-CS-Fixer is a static analysis tool and code style linter designed to validate PHP code against predefined standards. It functions as a coding standard fixer that automatically detects and corrects style violations to ensure consistent formatting across a codebase. The project serves as a syntax modernizer, providing automated tools to update legacy PHP syntax to align with newer language versions. It also allows for the creation of custom style rules when built-in standards do not meet specific requirements. The tool covers broad capability areas including automated linting workflows and
Filters the available set of fixers through a configuration file to define the active styling policy.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Enables targeting individual models or dependencies for execution using selection syntax to isolate parts of the data graph.
Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
Assigns security rules to specific namespaces or workloads using label and namespace selectors.
Kompose is a suite of conversion utilities designed to translate container composition files into cloud-native cluster resource definitions. It serves as a migration tool that transforms local development specifications into production-ready manifests for Kubernetes and OpenShift. The tool functions as a translation engine that maps container specifications, network settings, and workload definitions into cluster resources. It supports target-specific manifest generation through dedicated providers, allowing for the creation of resources tailored to different environment distributions. The p
Injects advanced configurations like health checks and autoscaling rules using specialized labels within source files.
Velero is a backup and recovery tool for Kubernetes cluster resources and persistent volumes. It functions as a disaster recovery solution and a utility for migrating applications and their associated data between different clusters. The project enables the replication of production environments by cloning cluster resources into development or testing environments for validation and debugging. It provides capabilities for backing up system objects, restoring resources to a known good state, and transferring applications across environments to facilitate system transitions.
Selects specific namespaces or objects for backup by matching metadata labels against inclusion or exclusion rules.
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Selects which detection rules to execute based on tags or names to tune alerts for specific environments.
dupeguru is a content-based file deduplicator and cross-platform disk cleanup tool. It functions as a local file management utility designed to identify and remove redundant files to recover disk space. The application identifies identical files across a file system by using content hashing and metadata comparison. This allows it to detect duplicates regardless of their filenames or directory locations. The software covers a range of data management capabilities, including directory scanning, content-based data deduplication, and the consolidation of redundant copies into single versions. It
Provides rule-based selection logic to automatically mark redundant files for deletion based on path or date.
GoCD is a continuous delivery server and build automation platform designed to orchestrate software delivery pipelines. It functions as a CD pipeline orchestrator that manages the automated execution of build, test, and deployment stages to move code from commit to production. The system utilizes an agent-based job execution model where remote agents pull work from a central server via polling. It employs a state-machine approach to pipeline orchestration, tracking the progression of software through stages and managing immutable build outputs via a central artifact repository to ensure consi
Assigns pending jobs to specific remote agents by matching pool labels and environment constraints.
Agones is a Kubernetes game server orchestrator designed for hosting, scaling, and managing dedicated multiplayer game servers. It extends the Kubernetes control plane using custom resource definitions to define game server and fleet objects, utilizing a dedicated fleet manager to maintain pools of warm server instances. The system provides a game server SDK and language-specific client libraries that allow server processes to signal readiness, health, and shutdown states directly to the controller. It distinguishes itself through specialized scaling logic, including the use of WebAssembly mo
Selects available server instances by filtering custom metadata and state labels through the API.
This project is a structured tracing framework for Rust that serves as an async-aware instrumentation library and telemetry data collector. It provides a structured logging facade and the tools necessary to record, filter, and route event-based diagnostic data from both standard applications and embedded systems. The framework distinguishes itself through a core implementation that supports bare-metal and no-standard-library environments without requiring a dynamic memory allocator. It specifically handles the complexities of asynchronous workflows by propagating diagnostic contexts across fu
Drops notifications for specific execution periods or events based on metadata to reduce diagnostic noise.
ChaosBlade is an open-source chaos engineering platform that injects faults into applications, containers, Kubernetes clusters, and host systems to test resilience. It functions as a multi-layer fault injection tool, capable of disrupting system resources, Java, C++, NodeJS, and Golang applications, Docker containers, and Kubernetes pods and nodes from a single interface. The platform distinguishes itself through its architecture, which defines chaos experiments as Kubernetes Custom Resource Definitions for native cluster integration, and supports multiple fault injection mechanisms including
Provides a visual interface for selecting experiment targets by host, Kubernetes, or application.
capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,
Filters analysis to rules matching a given author, namespace, or other metadata field.
rimraf هو أداة حذف ملفات متكررة لـ Node.js وأداة مساعدة لنظام الملفات عبر الأنظمة الأساسية. يوفر كلاً من مكتبة برمجية وواجهة سطر أوامر لإزالة الملفات والأدلة وجميع محتوياتها عبر أنظمة تشغيل مختلفة. تدعم الأداة حذف الملفات القائم على glob، مما يسمح بإزالة العناصر التي تطابق أنماط أحرف البدل المحددة بدلاً من المسارات الحرفية فقط. كما تتضمن القدرة على إجهاض عمليات الحذف في منتصف التنفيذ وتطبيق تصفية مخصصة قائمة على المسند (predicate) لاستبعاد ملفات أو مجلدات معينة. يغطي المشروع إمكانات واسعة لإدارة نظام الملفات بما في ذلك الاجتياز المتكرر من العمق أولاً، وتطبيع المسار عبر الأنظمة الأساسية، و I/O غير المتزامن. تمكن هذه الميزات مهام مثل إزالة نتاج البناء المؤتمتة وتنظيف مساحة عمل المشروع العامة.
Enables the removal of groups of files and directories matching specific glob patterns to clean project workspaces.
You-Dont-Need-GUI is a curated reference of terminal commands that replace common graphical interface operations with equivalent shell one-liners. It maps everyday GUI actions—file management, archive handling, system monitoring, and network diagnostics—to standard POSIX utilities like find, grep, and awk, all composed as self-contained shell pipelines. The project distinguishes itself by requiring no external dependencies or installations; every solution runs with built-in shell commands and coreutils. Its documentation follows Unix man-page conventions, presenting each command with a
Removes all files matching a specific pattern or condition using find.
Vale هي أداة تدقيق نصوص (prose linter) واعية بالتنسيق وواجهة سطر أوامر مصممة لفرض أدلة الأسلوب التحريري وقواعد القواعد عبر تنسيقات مستندات مختلفة. تعمل كمحرك دليل أسلوب قائم على YAML يحلل النص بحثاً عن الاتساق في النبرة، والإملاء، والمصطلحات مع تجاهل العناصر غير النصية مثل كتل الكود. يتميز المشروع بنموذج توسعة مرن يسمح للمستخدمين بتحديد قواعد تدقيق مخصصة باستخدام تكوينات YAML، والتعبيرات النمطية، ونصوص خارجية لمنطق التحقق المعقد. يدعم مجموعة واسعة من تنسيقات التوثيق، بما في ذلك Markdown وAsciiDoc وHTML وOrg-mode، وغالباً ما يقوم بتطبيع هذه المدخلات عبر XSLT لتطبيق مجموعة موحدة من القواعد. تغطي الأداة مجالات قدرة واسعة بما في ذلك التقييم اللغوي لمقاييس القراءة والقواعد، والتدقيق الإملائي القائم على القاموس، وإدارة المصطلحات لمنع الصياغة غير المتسقة. توفر تكاملاً عبر بروتوكول خادم اللغة (Language Server Protocol) للتشخيص في الوقت الفعلي في المحررات، بالإضافة إلى دعم خطوط أنابيب CI/CD وGit hooks لأتمتة التحقق من النصوص. يمكن نشر Vale داخل بيئة حاوية باستخدام Docker لضمان تنفيذ متسق عبر منصات مختلفة.
Executes specific subsets of style rules based on expressions targeting rule names, levels, scopes, or descriptions.
هذا المشروع هو موقع التوثيق الرسمي لـ Kubernetes، ويعمل كمورد تقني شامل لإدارة التطبيقات المعبأة. يعمل كبوابة توثيق تقنية مفتوحة المصدر توفر أدلة، ودروسًا تعليمية، ومواد مرجعية لبرمجيات الأنظمة الموزعة. تم بناء الموقع باستخدام مولد مواقع ثابت مع بنية قالب قائمة على المكونات للحفاظ على أنماط تصميم متسقة. ويتميز بمولد توثيق OpenAPI الذي يحلل المواصفات التقنية لبناء وتحديث صفحات مرجع واجهة برمجة التطبيقات المهيكلة تلقائيًا. لدعم جمهور عالمي، يستخدم توجيه المحتوى الواعي بالتدويل لإدارة الإصدارات المترجمة من الأدلة. يتضمن سير عمل التطوير خادم إعادة تحميل ساخن لمعاينة تغييرات الموقع وعرض اللغة المستهدف لتسريع أوقات البناء. يغطي المشروع مجموعة واسعة من المجالات التقنية، بما في ذلك تنسيق العناقيد، وتهيئة الشبكة، وإدارة الموارد.
Enables flexible workload management through dynamic grouping of system components using key-value metadata tags.
Helmfile is a declarative tool for managing Kubernetes Helm releases across multiple environments. It defines the desired state of releases in version-controlled YAML files and synchronizes the cluster to match that state, acting as both a release manager and a state sync orchestrator. The tool layers environment-specific values, secrets, and lifecycle hooks onto shared release definitions, enabling consistent multi-environment deployments. Helmfile distinguishes itself through several integrated capabilities: it generates separate dependency lockfiles per environment for staged rollout of ch
Helmfile selects a subset of releases to operate on by matching user-defined or built-in labels, with support for inversion and multiple selectors.