33 repositorios
Filtering mechanisms that use container labels to determine management scope.
Distinguishing note: Focuses on label-based scoping for container management operations.
Explore 33 awesome GitHub repositories matching devops & infrastructure · Label-Based Selection. Refine with filters or upvote what's useful.
Watchtower is a container-based solution designed to automate the lifecycle management of Docker applications. It functions as a background service that monitors running containers, detects when new base image versions are available in registries, and automatically redeploys the containers to ensure they remain synchronized with the latest builds. The project distinguishes itself through its ability to orchestrate complex deployment workflows and maintain service availability during updates. It interacts directly with the container runtime to manage service dependencies and restart sequences,
Restricts management operations to specific containers marked with defined labels.
Chaos Monkey is a chaos engineering tool designed to verify the resilience of distributed systems by intentionally terminating production instances. It functions as a fault injection service that identifies weaknesses in cloud-based architectures by simulating real-world hardware and software outages. The platform operates through a centralized orchestration engine that executes periodic disruption cycles based on predefined configuration rules. It employs a rule-based selection process that evaluates instance metadata against safety constraints to ensure that only eligible targets are disrup
Evaluates instance metadata against safety constraints to identify eligible infrastructure components for disruption.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Filters rule definitions using namespace and label selectors to control monitoring scope and access.
PHP-CS-Fixer is a static analysis tool and code style linter designed to validate PHP code against predefined standards. It functions as a coding standard fixer that automatically detects and corrects style violations to ensure consistent formatting across a codebase. The project serves as a syntax modernizer, providing automated tools to update legacy PHP syntax to align with newer language versions. It also allows for the creation of custom style rules when built-in standards do not meet specific requirements. The tool covers broad capability areas including automated linting workflows and
Filters the available set of fixers through a configuration file to define the active styling policy.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Enables targeting individual models or dependencies for execution using selection syntax to isolate parts of the data graph.
Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
Assigns security rules to specific namespaces or workloads using label and namespace selectors.
Kompose is a suite of conversion utilities designed to translate container composition files into cloud-native cluster resource definitions. It serves as a migration tool that transforms local development specifications into production-ready manifests for Kubernetes and OpenShift. The tool functions as a translation engine that maps container specifications, network settings, and workload definitions into cluster resources. It supports target-specific manifest generation through dedicated providers, allowing for the creation of resources tailored to different environment distributions. The p
Injects advanced configurations like health checks and autoscaling rules using specialized labels within source files.
Velero is a backup and recovery tool for Kubernetes cluster resources and persistent volumes. It functions as a disaster recovery solution and a utility for migrating applications and their associated data between different clusters. The project enables the replication of production environments by cloning cluster resources into development or testing environments for validation and debugging. It provides capabilities for backing up system objects, restoring resources to a known good state, and transferring applications across environments to facilitate system transitions.
Selects specific namespaces or objects for backup by matching metadata labels against inclusion or exclusion rules.
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Selects which detection rules to execute based on tags or names to tune alerts for specific environments.
dupeguru is a content-based file deduplicator and cross-platform disk cleanup tool. It functions as a local file management utility designed to identify and remove redundant files to recover disk space. The application identifies identical files across a file system by using content hashing and metadata comparison. This allows it to detect duplicates regardless of their filenames or directory locations. The software covers a range of data management capabilities, including directory scanning, content-based data deduplication, and the consolidation of redundant copies into single versions. It
Provides rule-based selection logic to automatically mark redundant files for deletion based on path or date.
GoCD is a continuous delivery server and build automation platform designed to orchestrate software delivery pipelines. It functions as a CD pipeline orchestrator that manages the automated execution of build, test, and deployment stages to move code from commit to production. The system utilizes an agent-based job execution model where remote agents pull work from a central server via polling. It employs a state-machine approach to pipeline orchestration, tracking the progression of software through stages and managing immutable build outputs via a central artifact repository to ensure consi
Assigns pending jobs to specific remote agents by matching pool labels and environment constraints.
Agones is a Kubernetes game server orchestrator designed for hosting, scaling, and managing dedicated multiplayer game servers. It extends the Kubernetes control plane using custom resource definitions to define game server and fleet objects, utilizing a dedicated fleet manager to maintain pools of warm server instances. The system provides a game server SDK and language-specific client libraries that allow server processes to signal readiness, health, and shutdown states directly to the controller. It distinguishes itself through specialized scaling logic, including the use of WebAssembly mo
Selects available server instances by filtering custom metadata and state labels through the API.
This project is a structured tracing framework for Rust that serves as an async-aware instrumentation library and telemetry data collector. It provides a structured logging facade and the tools necessary to record, filter, and route event-based diagnostic data from both standard applications and embedded systems. The framework distinguishes itself through a core implementation that supports bare-metal and no-standard-library environments without requiring a dynamic memory allocator. It specifically handles the complexities of asynchronous workflows by propagating diagnostic contexts across fu
Drops notifications for specific execution periods or events based on metadata to reduce diagnostic noise.
ChaosBlade is an open-source chaos engineering platform that injects faults into applications, containers, Kubernetes clusters, and host systems to test resilience. It functions as a multi-layer fault injection tool, capable of disrupting system resources, Java, C++, NodeJS, and Golang applications, Docker containers, and Kubernetes pods and nodes from a single interface. The platform distinguishes itself through its architecture, which defines chaos experiments as Kubernetes Custom Resource Definitions for native cluster integration, and supports multiple fault injection mechanisms including
Provides a visual interface for selecting experiment targets by host, Kubernetes, or application.
capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,
Filters analysis to rules matching a given author, namespace, or other metadata field.
rimraf es una herramienta de eliminación recursiva de archivos para Node.js y una utilidad de sistema de archivos multiplataforma. Proporciona tanto una librería programática como una interfaz de línea de comandos para eliminar archivos y directorios y todo su contenido en diferentes sistemas operativos. La utilidad soporta la eliminación de archivos basada en glob, permitiendo la eliminación de elementos que coinciden con patrones comodín específicos en lugar de solo rutas literales. También incluye la capacidad de abortar procesos de eliminación a mitad de ejecución y aplicar filtrado basado en predicados personalizados para excluir archivos o carpetas específicos. El proyecto cubre amplias capacidades de gestión del sistema de archivos, incluyendo recorrido recursivo en profundidad (depth-first), normalización de rutas multiplataforma y E/S asíncrona. Estas características permiten tareas como la eliminación automatizada de artefactos de compilación y la limpieza general del espacio de trabajo del proyecto.
Enables the removal of groups of files and directories matching specific glob patterns to clean project workspaces.
You-Dont-Need-GUI is a curated reference of terminal commands that replace common graphical interface operations with equivalent shell one-liners. It maps everyday GUI actions—file management, archive handling, system monitoring, and network diagnostics—to standard POSIX utilities like find, grep, and awk, all composed as self-contained shell pipelines. The project distinguishes itself by requiring no external dependencies or installations; every solution runs with built-in shell commands and coreutils. Its documentation follows Unix man-page conventions, presenting each command with a
Removes all files matching a specific pattern or condition using find.
Vale es un linter de prosa consciente del marcado y herramienta de línea de comandos diseñada para aplicar guías de estilo editorial y reglas gramaticales en varios formatos de documento. Funciona como un motor de guía de estilo basado en YAML que analiza el texto en busca de consistencia en tono, ortografía y terminología, ignorando elementos que no son prosa, como bloques de código. El proyecto destaca por su modelo de extensibilidad flexible que permite a los usuarios definir reglas de linting personalizadas utilizando configuraciones YAML, expresiones regulares y scripts externos para lógica de validación compleja. Admite una amplia gama de formatos de documentación, incluyendo Markdown, AsciiDoc, HTML y Org-mode, normalizando a menudo estas entradas mediante XSLT para aplicar un conjunto unificado de reglas. La herramienta cubre áreas de capacidad amplias, incluyendo evaluación lingüística para métricas de legibilidad y gramática, corrección ortográfica basada en diccionario y gestión de terminología para prevenir frases inconsistentes. Proporciona integración mediante el Language Server Protocol para diagnósticos en tiempo real en editores, así como soporte para pipelines de CI/CD y Git hooks para automatizar la validación de prosa. Vale puede desplegarse dentro de un entorno contenedorizado utilizando Docker para garantizar una ejecución consistente en diferentes plataformas.
Executes specific subsets of style rules based on expressions targeting rule names, levels, scopes, or descriptions.
Este proyecto es el sitio web oficial de documentación de Kubernetes, que sirve como un recurso técnico integral para gestionar aplicaciones contenedorizadas. Funciona como un portal de documentación técnica de código abierto que proporciona guías, tutoriales y materiales de referencia para software de sistemas distribuidos. El sitio está construido utilizando un generador de sitios estáticos con una arquitectura de plantillas basada en componentes para mantener patrones de diseño consistentes. Cuenta con un generador de documentación OpenAPI que analiza especificaciones técnicas para construir y actualizar automáticamente páginas de referencia de API estructuradas. Para apoyar a una audiencia global, emplea enrutamiento de contenido consciente de la internacionalización para gestionar versiones localizadas de los manuales. El flujo de trabajo de desarrollo incluye un servidor de recarga en caliente (hot-reloading) para previsualizar cambios en el sitio y renderizado de idiomas específico para acelerar los tiempos de compilación. El proyecto cubre una amplia gama de dominios técnicos, incluyendo orquestación de clústeres, configuración de red y gestión de recursos.
Enables flexible workload management through dynamic grouping of system components using key-value metadata tags.
Helmfile is a declarative tool for managing Kubernetes Helm releases across multiple environments. It defines the desired state of releases in version-controlled YAML files and synchronizes the cluster to match that state, acting as both a release manager and a state sync orchestrator. The tool layers environment-specific values, secrets, and lifecycle hooks onto shared release definitions, enabling consistent multi-environment deployments. Helmfile distinguishes itself through several integrated capabilities: it generates separate dependency lockfiles per environment for staged rollout of ch
Helmfile selects a subset of releases to operate on by matching user-defined or built-in labels, with support for inversion and multiple selectors.