{"id":13509452,"url":"https://github.com/kubesphere/kubekey","last_synced_at":"2026-05-06T10:03:54.471Z","repository":{"id":37082076,"uuid":"248386471","full_name":"kubesphere/kubekey","owner":"kubesphere","description":"Install Kubernetes/K3s, and related cloud-native add-ons, it supports all-in-one, multi-node, and HA 🔥 ⎈ 🐳","archived":false,"fork":false,"pushed_at":"2026-04-20T01:58:54.000Z","size":69021,"stargazers_count":2810,"open_issues_count":282,"forks_count":823,"subscribers_count":44,"default_branch":"main","last_synced_at":"2026-04-20T03:40:17.589Z","etag":null,"topics":["hacktoberfest","installer","k8s","kubeadm","kubernetes","kubernetes-cluster","kubernetes-deployment"],"latest_commit_sha":null,"homepage":"https://kubesphere.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kubesphere.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-03-19T01:53:08.000Z","updated_at":"2026-04-20T01:58:59.000Z","dependencies_parsed_at":"2024-01-22T06:40:09.529Z","dependency_job_id":"a2834915-4491-4334-a9bd-792facf11167","html_url":"https://github.com/kubesphere/kubekey","commit_stats":{"total_commits":1505,"total_committers":130,"mean_commits":"11.576923076923077","dds":0.826578073089701,"last_synced_commit":"ee1cf9b6d46ea979e8402326afe8a3d89b8b0f4b"},"previous_names":[],"tags_count":138,"template":false,"template_full_name":null,"purl":"pkg:github/kubesphere/kubekey","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubesphere%2Fkubekey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubesphere%2Fkubekey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubesphere%2Fkubekey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubesphere%2Fkubekey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kubesphere","download_url":"https://codeload.github.com/kubesphere/kubekey/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubesphere%2Fkubekey/sbom","scorecard":{"id":572748,"data":{"date":"2025-08-11","repo":{"name":"github.com/kubesphere/kubekey","commit":"0cacdaf1c9f30771ffe75d95f97f359631b50a25"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.1,"checks":[{"name":"Maintained","score":10,"reason":"17 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":8,"reason":"Found 20/23 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-multiarch.yaml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/gen-repository-iso.yaml:1","Info: found token with 'none' permissions: .github/workflows/golangci-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/issue_comment_webhook.yml:1","Warn: no topLevel permission defined: .github/workflows/kubernetes-auto-support.yaml:1","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Warn: no topLevel permission defined: .github/workflows/sync-feature-code.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/gen-repository-iso.yaml:10"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v4.0.0-alpha.6 not signed: https://api.github.com/repos/kubesphere/kubekey/releases/234734404","Warn: release artifact v3.1.10 not signed: https://api.github.com/repos/kubesphere/kubekey/releases/224759106","Warn: release artifact v3.1.9 not signed: https://api.github.com/repos/kubesphere/kubekey/releases/212141843","Warn: release artifact v3.1.8 not signed: https://api.github.com/repos/kubesphere/kubekey/releases/208303179","Warn: release artifact v3.1.0-rc.0-20250115-1 not signed: https://api.github.com/repos/kubesphere/kubekey/releases/194941299","Warn: release artifact v4.0.0-alpha.6 does not have provenance: https://api.github.com/repos/kubesphere/kubekey/releases/234734404","Warn: release artifact v3.1.10 does not have provenance: https://api.github.com/repos/kubesphere/kubekey/releases/224759106","Warn: release artifact v3.1.9 does not have provenance: https://api.github.com/repos/kubesphere/kubekey/releases/212141843","Warn: release artifact v3.1.8 does not have provenance: https://api.github.com/repos/kubesphere/kubekey/releases/208303179","Warn: release artifact v3.1.0-rc.0-20250115-1 does not have provenance: https://api.github.com/repos/kubesphere/kubekey/releases/194941299"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(release-3.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-multiarch.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/build-multiarch.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-multiarch.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/build-multiarch.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-multiarch.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/build-multiarch.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gen-repository-iso.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/gen-repository-iso.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gen-repository-iso.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/gen-repository-iso.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gen-repository-iso.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/gen-repository-iso.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gen-repository-iso.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/gen-repository-iso.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gen-repository-iso.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/gen-repository-iso.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gen-repository-iso.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/gen-repository-iso.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_comment_webhook.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/issue_comment_webhook.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_comment_webhook.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/issue_comment_webhook.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kubernetes-auto-support.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/kubernetes-auto-support.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/kubernetes-auto-support.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/kubernetes-auto-support.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/release-drafter.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/release.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/release.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/release.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-feature-code.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/sync-feature-code.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-feature-code.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/sync-feature-code.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-feature-code.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kubesphere/kubekey/sync-feature-code.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:5","Warn: containerImage not pinned by hash: Dockerfile:16","Warn: containerImage not pinned by hash: Dockerfile:52: pin your Docker image by updating alpine:3.16 to alpine:3.16@sha256:452e7292acee0ee16c332324d7de05fa2c99f9994ecc9f0779c602916a672ae4","Warn: containerImage not pinned by hash: feature/build/controller-manager/Dockerfile:3","Warn: containerImage not pinned by hash: feature/build/controller-manager/Dockerfile:30: pin your Docker image by updating alpine:3.19.0 to alpine:3.19.0@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48","Warn: containerImage not pinned by hash: feature/build/kk/Dockerfile:3","Warn: containerImage not pinned by hash: feature/build/kk/Dockerfile:30: pin your Docker image by updating alpine:3.19.0 to alpine:3.19.0@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.almalinux90:1","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.centos7:1","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.debian10:1","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.debian11:1","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.ubuntu1604:1","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.ubuntu1804:1","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.ubuntu2004:1","Warn: containerImage not pinned by hash: feature/hack/gen-repository-iso/dockerfile.ubuntu2204:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.almalinux90:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.centos7:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.debian10:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.debian11:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.debian12:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.ubuntu1804:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.ubuntu2004:1","Warn: containerImage not pinned by hash: hack/gen-repository-iso/dockerfile.ubuntu2204:1","Warn: npmCommand not pinned by hash: .github/workflows/issue_comment_webhook.yml:17","Warn: pipCommand not pinned by hash: .github/workflows/kubernetes-auto-support.yaml:19","Info:   0 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  12 third-party GitHubAction dependencies pinned","Info:   0 out of  23 containerImage dependencies pinned","Info:   2 out of   2 goCommand dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (27) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"50 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2025-3367 / GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2025-3368 / GHSA-v725-9546-7q7m","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2022-1147 / GHSA-2qjp-425j-52j9","Warn: Project is vulnerable to: GO-2023-1573 / GHSA-259w-8hf6-59c2","Warn: Project is vulnerable to: GO-2023-1574 / GHSA-hmfx-3pcx-653p","Warn: Project is vulnerable to: GO-2023-2412 / GHSA-7ww5-4wqc-m92c","Warn: Project is vulnerable to: GO-2025-3528 / GHSA-265r-hfxg-fhmg","Warn: Project is vulnerable to: GO-2024-2842 / GHSA-6wvf-f2vw-3425","Warn: Project is vulnerable to: GO-2023-2048 / GHSA-6xv5-86q9-7xr8","Warn: Project is vulnerable to: GHSA-hqxw-f8mx-cpmw","Warn: Project is vulnerable to: GO-2024-3250 / GHSA-29wx-vh33-7x7r","Warn: Project is vulnerable to: GO-2025-3553 / GHSA-mh63-6h87-95cp","Warn: Project is vulnerable to: GO-2023-1578 / GHSA-jpxj-2jvg-6jv9","Warn: Project is vulnerable to: GO-2024-2800 / GHSA-q64h-39hv-4cf7","Warn: Project is vulnerable to: GO-2024-2948 / GHSA-xfhp-jf8p-mh5w","Warn: Project is vulnerable to: GO-2024-2512 / GHSA-xw73-rw38-6vjc","Warn: Project is vulnerable to: GO-2024-3305 / GHSA-gh5c-3h97-2f3q","Warn: Project is vulnerable to: GO-2024-3304 / GHSA-2mj3-vfvx-fc43","Warn: Project is vulnerable to: GO-2024-3005","Warn: Project is vulnerable to: GO-2023-1683 / GHSA-g2j6-57v7-gm8c","Warn: Project is vulnerable to: GO-2023-1682 / GHSA-m8cg-xc2p-r3fc","Warn: Project is vulnerable to: GO-2023-1627 / GHSA-vpvm-3wq2-2wvm","Warn: Project is vulnerable to: GO-2024-2491 / GHSA-xr7r-f8xq-vfvv","Warn: Project is vulnerable to: GO-2024-3110 / GHSA-jfvp-7x6p-h2pv","Warn: Project is vulnerable to: GO-2022-1045 / GHSA-m5m3-46gj-wch8","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-2631 / GHSA-c5q2-7r4c-mv6g","Warn: Project is vulnerable to: GO-2022-1165 / GHSA-53c4-hhmh-vw5q","Warn: Project is vulnerable to: GO-2022-1166 / GHSA-67fx-wx78-jx33","Warn: Project is vulnerable to: GO-2022-1167 / GHSA-6rx9-889q-vv2r","Warn: Project is vulnerable to: GO-2023-1547 / GHSA-pwcw-6f5g-gxf8","Warn: Project is vulnerable to: GO-2024-2554 / GHSA-v53g-5gjp-272r","Warn: Project is vulnerable to: GO-2024-2575 / GHSA-r53h-jv2g-vpx6","Warn: Project is vulnerable to: GO-2025-3601 / GHSA-4hfp-h4cw-hj8p","Warn: Project is vulnerable to: GO-2025-3602 / GHSA-5xqw-8hwv-wg92","Warn: Project is vulnerable to: GO-2025-3802 / GHSA-557j-xg8c-q2mm","Warn: Project is vulnerable to: GHSA-9h84-qmv7-982p","Warn: Project is vulnerable to: GHSA-f9f8-9pmf-xv68"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T16:47:07.491Z","repository_id":37082076,"created_at":"2025-08-20T16:47:07.491Z","updated_at":"2025-08-20T16:47:07.491Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32323232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","installer","k8s","kubeadm","kubernetes","kubernetes-cluster","kubernetes-deployment"],"created_at":"2024-08-01T02:01:07.982Z","updated_at":"2026-04-27T05:06:44.340Z","avatar_url":"https://github.com/kubesphere.png","language":"Go","funding_links":[],"categories":["Go","kubernetes"],"sub_categories":[],"readme":"\u003cdiv align=center\u003e\u003cimg src=\"docs/images/kubekey-logo.svg?raw=true\"\u003e\u003c/div\u003e\n\n[![CI](https://github.com/kubesphere/kubekey/workflows/GolangCILint/badge.svg?branch=main\u0026event=push)](https://github.com/kubesphere/kubekey/actions/workflows/golangci-lint.yaml?query=event%3Apush+branch%3Amain+workflow%3ACI)\n\n\u003e English | [中文](README_zh-CN.md)\n\n**👋 Welcome to KubeKey!**\n\nKubeKey is an open-source lightweight task flow execution tool. It provides a flexible and fast way to install Kubernetes.\n\n\u003e KubeKey has passed the [CNCF Kubernetes Conformance Certification](https://www.cncf.io/certification/software-conformance/)\n\n# Comparison of new features in 3.x\n1. Expanded from Kubernetes lifecycle management tool to task execution tool (flow design refers to [Ansible](https://github.com/ansible/ansible))\n2. Supports multiple ways to manage task templates: git, local, etc.\n3. Supports multiple node connection methods, including: local, ssh, kubernetes, prometheus.\n4. Supports cloud-native automated batch task management\n5. Advanced features: UI page (not yet open)\n\n# Install kubekey\n\n## Install in Kubernetes\nInstall kubekey via helm.\n```shell\nhelm upgrade --install --create-namespace -n kubekey-system kubekey config/kubekey\n```\n\n## Binary\nGet the corresponding binary files from the [release](https://github.com/kubesphere/kubekey/releases) page.\n\n## Download Binary with UI\n\n**UI only support after v4.0.0**\n\n**Prerequisite:** `hack/downloadKubekey.sh` downloads the web-installer bundle unless **`SKIP_WEB_INSTALLER` is set to `true`**.\n\n```shell\nexport SKIP_WEB_INSTALLER=false\ncurl -sfL https://get-kk.kubesphere.io | sh -\n# run with UI\nkk web --schema-path schema --ui-path dist\n```\n\n### Build an offline package with config.yaml\n\nAfter `hack/downloadKubekey.sh` finishes, you may have `package.sh` in the current directory (depending on version and options). Put your `config.yaml` there and run `./package.sh config.yaml` to produce the offline bundle. To generate or fill in `config.yaml`—including image lists and related fields—use the online tool **[KubeSphere Images](https://get-images.kubesphere.io/)**.\n\n# Deploy Kubernetes\n\n- Supported deployment environments: Linux distributions\n    - almaLinux: 9.0 (not fully tested)\n    - centOS: 8\n    - debian: 10, 11\n    - kylin: V10SP3 (not fully tested)\n    - ubuntu: 18.04, 20.04, 22.04, 24.04.\n\n- Supported Kubernetes versions: v1.23.x ~ v1.34.x\n\n## Requirements\n\n- One or more computers running Linux operating systems compatible with deb/rpm; for example: Ubuntu or CentOS.\n- Each machine should have more than 2 GB of memory; applications will be limited if memory is insufficient.\n- Control plane nodes should have at least 2 CPUs.\n- Full network connectivity among all machines in the cluster. You can use public or private networks.\n\n## Define node information\n\nkubekey uses the `inventory` resource to define node connection information.    \nYou can use `kk create inventory` to get the default inventory.yaml resource. The default `inventory.yaml` configuration is as follows:    \n```yaml\napiVersion: kubekey.kubesphere.io/v1\nkind: Inventory\nmetadata:\n  name: default\nspec:\n  hosts: # your can set all nodes here. or set nodes on special groups.\n#    node1:\n#      connector:\n#        type: ssh\n#        host: node1\n#        port: 22\n#        user: root\n#        password: 123456\n  groups:\n    # all kubernetes nodes.\n    k8s_cluster:\n      groups:\n        - kube_control_plane\n        - kube_worker\n    # control_plane nodes\n    kube_control_plane:\n      hosts:\n        - localhost\n    # worker nodes\n    kube_worker:\n      hosts:\n        - localhost\n    # etcd nodes when etcd_deployment_type is external\n    etcd:\n      hosts:\n        - localhost\n#    image_registry:\n#      hosts:\n#        - localhost\n    # nfs nodes for registry storage. and kubernetes nfs storage\n#    nfs:\n#      hosts:\n#        - localhost\n\n```\nThe inventory contains the following built-in groups:\n1. k8s_cluster: Kubernetes cluster. Contains two subgroups: kube_control_plane, kube_worker\n2. kube_control_plane: control_plane node group in the Kubernetes cluster\n3. kube_worker: worker node group in the Kubernetes cluster.\n4. etcd: node group for installing etcd cluster.\n5. image_registry: node group for installing image registry (including harbor, registry)\n6. nfs: node group for installing nfs.\n\n## Define key configuration information\n\nkubekey uses the `config` resource to define node connection information.    \nYou can use `kk create config --with-kubernetes v1.33.1` to get the default inventory.yaml resource. The default `config.yaml` configuration is as follows:    \n\nDefault config configurations are provided as references for different Kubernetes versions:\n- [Config for installing Kubernetes v1.23.x](builtin/core/defaults/config/v1.23.yaml)\n- [Config for installing Kubernetes v1.24.x](builtin/core/defaults/config/v1.24.yaml)  \n- [Config for installing Kubernetes v1.25.x](builtin/core/defaults/config/v1.25.yaml)\n- [Config for installing Kubernetes v1.26.x](builtin/core/defaults/config/v1.26.yaml)\n- [Config for installing Kubernetes v1.27.x](builtin/core/defaults/config/v1.27.yaml)\n- [Config for installing Kubernetes v1.28.x](builtin/core/defaults/config/v1.28.yaml)\n- [Config for installing Kubernetes v1.29.x](builtin/core/defaults/config/v1.29.yaml)\n- [Config for installing Kubernetes v1.30.x](builtin/core/defaults/config/v1.30.yaml)\n- [Config for installing Kubernetes v1.31.x](builtin/core/defaults/config/v1.31.yaml)\n- [Config for installing Kubernetes v1.32.x](builtin/core/defaults/config/v1.32.yaml)\n- [Config for installing Kubernetes v1.33.x](builtin/core/defaults/config/v1.33.yaml)\n- [Config for installing Kubernetes v1.34.x](builtin/core/defaults/config/v1.34.yaml)\n\n## Install cluster\n\nYou can create a cluster in **two ways**: use the **Web UI**, or use the **command line**. The prerequisites and the meaning of `inventory` / `config` are described in the sections above.\n\n### Method one: Web (UI)\n\nRequires **KubeKey v4.0.0 or newer** with the web installer bundle. Install or download that build (see **Download Binary with UI** under *Install kubekey*), then start the UI:\n\n```shell\nkk web --schema-path schema --ui-path dist\n```\n\nIn the browser, edit inventory and configuration, then follow the UI flow to run the cluster creation playbook (equivalent to `playbooks/create_cluster.yaml`).\n\n### Method two: Command line\n\nPrepare `inventory.yaml` and `config.yaml`, then run the built-in `kk create cluster` subcommand; it runs `playbooks/create_cluster.yaml` for you, so you do not pass the playbook path explicitly.\n\n```shell\nkk create cluster -i inventory.yaml -c config.yaml\n```\n\nIf `-i inventory.yaml` is not provided, the default inventory.yaml is used. Kubernetes will only be installed on the executing machine.\nIf `-c config.yaml` is not provided, the default config.yaml is used. Installs Kubernetes version v1.34.1.\n\nOther useful flags:\n\n- `--workdir`: KubeKey working directory (default: `\u003ccurrent-dir\u003e/kubekey`).\n- `--with-kubernetes`: Kubernetes version (for example `v1.33.1`) when it is not set in `config.yaml`.\n- `-a` / `--artifact`: path to an offline KubeKey artifact package (`.tgz`); also turns off online fetching when set.\n- `--set`: override config fields, for example `--set download.fetch=false` or nested keys supported by KubeKey.\n- `-n` / `--namespace`: namespace for local runtime resources tied to the playbook.\n\nOffline install example:\n\n```shell\nkk create cluster -i inventory.yaml -c config.yaml --workdir ./kubekey --artifact /path/to/kubekey-artifact.tgz\n```\n\n# Documentation\n**[Custom Playbook](docs/en/custom/README.md)**    \n**[Kubernetes Playbook](docs/en/core/README.md)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubesphere%2Fkubekey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkubesphere%2Fkubekey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubesphere%2Fkubekey/lists"}