33 Repos
Filtering mechanisms that use container labels to determine management scope.
Distinguishing note: Focuses on label-based scoping for container management operations.
Explore 33 awesome GitHub repositories matching devops & infrastructure · Label-Based Selection. Refine with filters or upvote what's useful.
Watchtower is a container-based solution designed to automate the lifecycle management of Docker applications. It functions as a background service that monitors running containers, detects when new base image versions are available in registries, and automatically redeploys the containers to ensure they remain synchronized with the latest builds. The project distinguishes itself through its ability to orchestrate complex deployment workflows and maintain service availability during updates. It interacts directly with the container runtime to manage service dependencies and restart sequences,
Restricts management operations to specific containers marked with defined labels.
Chaos Monkey is a chaos engineering tool designed to verify the resilience of distributed systems by intentionally terminating production instances. It functions as a fault injection service that identifies weaknesses in cloud-based architectures by simulating real-world hardware and software outages. The platform operates through a centralized orchestration engine that executes periodic disruption cycles based on predefined configuration rules. It employs a rule-based selection process that evaluates instance metadata against safety constraints to ensure that only eligible targets are disrup
Evaluates instance metadata against safety constraints to identify eligible infrastructure components for disruption.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Filters rule definitions using namespace and label selectors to control monitoring scope and access.
PHP-CS-Fixer is a static analysis tool and code style linter designed to validate PHP code against predefined standards. It functions as a coding standard fixer that automatically detects and corrects style violations to ensure consistent formatting across a codebase. The project serves as a syntax modernizer, providing automated tools to update legacy PHP syntax to align with newer language versions. It also allows for the creation of custom style rules when built-in standards do not meet specific requirements. The tool covers broad capability areas including automated linting workflows and
Filters the available set of fixers through a configuration file to define the active styling policy.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Enables targeting individual models or dependencies for execution using selection syntax to isolate parts of the data graph.
Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
Assigns security rules to specific namespaces or workloads using label and namespace selectors.
Kompose is a suite of conversion utilities designed to translate container composition files into cloud-native cluster resource definitions. It serves as a migration tool that transforms local development specifications into production-ready manifests for Kubernetes and OpenShift. The tool functions as a translation engine that maps container specifications, network settings, and workload definitions into cluster resources. It supports target-specific manifest generation through dedicated providers, allowing for the creation of resources tailored to different environment distributions. The p
Injects advanced configurations like health checks and autoscaling rules using specialized labels within source files.
Velero is a backup and recovery tool for Kubernetes cluster resources and persistent volumes. It functions as a disaster recovery solution and a utility for migrating applications and their associated data between different clusters. The project enables the replication of production environments by cloning cluster resources into development or testing environments for validation and debugging. It provides capabilities for backing up system objects, restoring resources to a known good state, and transferring applications across environments to facilitate system transitions.
Selects specific namespaces or objects for backup by matching metadata labels against inclusion or exclusion rules.
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Selects which detection rules to execute based on tags or names to tune alerts for specific environments.
dupeguru is a content-based file deduplicator and cross-platform disk cleanup tool. It functions as a local file management utility designed to identify and remove redundant files to recover disk space. The application identifies identical files across a file system by using content hashing and metadata comparison. This allows it to detect duplicates regardless of their filenames or directory locations. The software covers a range of data management capabilities, including directory scanning, content-based data deduplication, and the consolidation of redundant copies into single versions. It
Provides rule-based selection logic to automatically mark redundant files for deletion based on path or date.
GoCD is a continuous delivery server and build automation platform designed to orchestrate software delivery pipelines. It functions as a CD pipeline orchestrator that manages the automated execution of build, test, and deployment stages to move code from commit to production. The system utilizes an agent-based job execution model where remote agents pull work from a central server via polling. It employs a state-machine approach to pipeline orchestration, tracking the progression of software through stages and managing immutable build outputs via a central artifact repository to ensure consi
Assigns pending jobs to specific remote agents by matching pool labels and environment constraints.
Agones is a Kubernetes game server orchestrator designed for hosting, scaling, and managing dedicated multiplayer game servers. It extends the Kubernetes control plane using custom resource definitions to define game server and fleet objects, utilizing a dedicated fleet manager to maintain pools of warm server instances. The system provides a game server SDK and language-specific client libraries that allow server processes to signal readiness, health, and shutdown states directly to the controller. It distinguishes itself through specialized scaling logic, including the use of WebAssembly mo
Selects available server instances by filtering custom metadata and state labels through the API.
This project is a structured tracing framework for Rust that serves as an async-aware instrumentation library and telemetry data collector. It provides a structured logging facade and the tools necessary to record, filter, and route event-based diagnostic data from both standard applications and embedded systems. The framework distinguishes itself through a core implementation that supports bare-metal and no-standard-library environments without requiring a dynamic memory allocator. It specifically handles the complexities of asynchronous workflows by propagating diagnostic contexts across fu
Drops notifications for specific execution periods or events based on metadata to reduce diagnostic noise.
ChaosBlade is an open-source chaos engineering platform that injects faults into applications, containers, Kubernetes clusters, and host systems to test resilience. It functions as a multi-layer fault injection tool, capable of disrupting system resources, Java, C++, NodeJS, and Golang applications, Docker containers, and Kubernetes pods and nodes from a single interface. The platform distinguishes itself through its architecture, which defines chaos experiments as Kubernetes Custom Resource Definitions for native cluster integration, and supports multiple fault injection mechanisms including
Provides a visual interface for selecting experiment targets by host, Kubernetes, or application.
capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,
Filters analysis to rules matching a given author, namespace, or other metadata field.
rimraf ist ein Node.js-Tool zum rekursiven Löschen von Dateien und ein plattformübergreifendes Dateisystem-Dienstprogramm. Es bietet sowohl eine programmatische Bibliothek als auch eine CLI zum Entfernen von Dateien, Verzeichnissen und deren gesamten Inhalten über verschiedene Betriebssysteme hinweg. Das Dienstprogramm unterstützt glob-basiertes Löschen von Dateien, was das Entfernen von Elementen ermöglicht, die spezifischen Wildcard-Mustern entsprechen, anstatt nur literal Pfade zu verwenden. Es beinhaltet zudem die Möglichkeit, Löschvorgänge während der Ausführung abzubrechen und benutzerdefinierte prädikatbasierte Filter anzuwenden, um bestimmte Dateien oder Ordner auszuschließen. Das Projekt deckt breite Funktionen der Dateisystemverwaltung ab, einschließlich rekursiver Depth-First-Traversierung, plattformübergreifender Pfadnormalisierung und asynchroner I/O. Diese Funktionen ermöglichen Aufgaben wie das automatisierte Entfernen von Build-Artefakten und die allgemeine Bereinigung von Projekt-Workspaces.
Enables the removal of groups of files and directories matching specific glob patterns to clean project workspaces.
You-Dont-Need-GUI is a curated reference of terminal commands that replace common graphical interface operations with equivalent shell one-liners. It maps everyday GUI actions—file management, archive handling, system monitoring, and network diagnostics—to standard POSIX utilities like find, grep, and awk, all composed as self-contained shell pipelines. The project distinguishes itself by requiring no external dependencies or installations; every solution runs with built-in shell commands and coreutils. Its documentation follows Unix man-page conventions, presenting each command with a
Removes all files matching a specific pattern or condition using find.
Vale ist ein Markup-bewusster Prose-Linter und CLI-Tool, das darauf ausgelegt ist, redaktionelle Styleguides und Grammatikregeln über verschiedene Dokumentformate hinweg durchzusetzen. Es fungiert als YAML-basierte Styleguide-Engine, die Text auf Konsistenz in Tonfall, Rechtschreibung und Terminologie analysiert, während sie Nicht-Prosa-Elemente wie Code-Blöcke ignoriert. Das Projekt zeichnet sich durch ein flexibles Erweiterbarkeitsmodell aus, das es Benutzern ermöglicht, benutzerdefinierte Linting-Regeln mittels YAML-Konfigurationen, regulären Ausdrücken und externen Skripten für komplexe Validierungslogik zu definieren. Es unterstützt eine breite Palette an Dokumentationsformaten, darunter Markdown, AsciiDoc, HTML und Org-mode, und normalisiert diese Eingaben oft mittels XSLT, um einen einheitlichen Regelsatz anzuwenden. Das Tool deckt breite Funktionsbereiche ab, einschließlich linguistischer Bewertung für Lesbarkeitsmetriken und Grammatik, wörterbuchbasierter Rechtschreibprüfung und Terminologiemanagement zur Vermeidung inkonsistenter Formulierungen. Es bietet Integration über das Language Server Protocol für Echtzeit-Diagnosen in Editoren sowie Unterstützung für CI/CD-Pipelines und Git-Hooks zur Automatisierung der Prosa-Validierung. Vale kann innerhalb einer containerisierten Umgebung mittels Docker bereitgestellt werden, um eine konsistente Ausführung über verschiedene Plattformen hinweg zu gewährleisten.
Executes specific subsets of style rules based on expressions targeting rule names, levels, scopes, or descriptions.
This project is the official Kubernetes documentation website, serving as a comprehensive technical resource for managing containerized applications. It functions as an open-source technical documentation portal that provides guides, tutorials, and reference materials for distributed systems software. The site is built using a static site generator with a component-based template architecture to maintain consistent design patterns. It features an OpenAPI documentation generator that parses technical specifications to automatically build and update structured API reference pages. To support a
Enables flexible workload management through dynamic grouping of system components using key-value metadata tags.
Helmfile is a declarative tool for managing Kubernetes Helm releases across multiple environments. It defines the desired state of releases in version-controlled YAML files and synchronizes the cluster to match that state, acting as both a release manager and a state sync orchestrator. The tool layers environment-specific values, secrets, and lifecycle hooks onto shared release definitions, enabling consistent multi-environment deployments. Helmfile distinguishes itself through several integrated capabilities: it generates separate dependency lockfiles per environment for staged rollout of ch
Helmfile selects a subset of releases to operate on by matching user-defined or built-in labels, with support for inversion and multiple selectors.