goldilocks
falco
Our great sponsors
goldilocks | falco | |
---|---|---|
14 | 42 | |
2,297 | 6,895 | |
3.0% | 2.9% | |
6.3 | 9.8 | |
about 1 month ago | 5 days ago | |
Go | C++ | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
goldilocks
-
How do I stop my apps from being killed in k8s?
There's also tools like Goldilocks that can help with resource request planning.
-
Can you help me with CPU/Memory resources recommendation
I recently installed this into our cluster and it provides you a recommendation of what your resources should be set to based on VPA in monitor mode. https://github.com/FairwindsOps/goldilocks
-
Performance testing an application running on kubernetes
While not directly what you're asking, a tool like Goldilocks combined with Kubernetes' Vertical Pod Autoscaler can give you an idea of the real CPU and memory consumption of your applications over a period of time. It's mainly used for cloud cost control, but could be useful.
-
You can't have both high utilization and high reliability
We use it in a limited fashion as part of Goldilocks. Not all namespaces have it enabled, but any team that wants to use it can request their namespace be enabled.
-
For the love of god, stop using CPU limits on Kubernetes (updated version)
https://github.com/openshift/cluster-kube-descheduler-operator https://github.com/FairwindsOps/goldilocks
- How do you prevent overprovisioning
- FairwindsOps/goldilocks: Get your resource requests "Just Right"
-
How to right-size containers before deployment
We use https://github.com/FairwindsOps/goldilocks (zero affiliation) in our load testing environment and work from the recommendations there.
-
Top 200 Kubernetes Tools for DevOps Engineer Like You
kops - Production Grade K8s Installation, Upgrades, and Management silver-surfer - Check ApiVersion compatibility and provide Migration path for Kubernetes objects when upgrading Kubernetes to latest versions Kube-ops-view - Kubernetes Operational View - read-only system dashboard for multiple K8s clusters kubeprompt - Kubernetes prompt info Metalk8s - An opinionated Kubernetes distribution with a focus on long-term on-prem deployments kind - Kubernetes IN Docker - local clusters for testing Kubernetes Clusterman - Cluster Autoscaler for Kubernetes and Mesos Cert-manager - Automatically provision and manage TLS certificates Goldilocks - Get your resource requests "Just Right" katafygio - Dump, or continuously backup Kubernetes objets as yaml files in git Rancher - Complete container management platform Sealed Secrets - A Kubernetes controller and tool for one-way encrypted Secrets OpenKruise/Kruise - Automate application workloads management on Kubernetes https://openkruise.io kubectl snapshot - Take Cluster Snapshots kapp - simple deployment tool focused on the concept of "Kubernetes application" β a set of resources with the same label https://get-kapp.io keda - Event-driven autoscaler for Kubernetes Octant - To better understand the complexity of Kubernetes clusters Portainer - Portainer inside a Kubernetes environment Gardener - Deliver fully-managed clusters at scale everywhere with your own Kubernetes-as-a-Service Kubed - Kubernetes Cluster Operator Daemon Kubestack - Kubestack is the free and open-source GitOps framework to codify your custom platform stack using Terraform.
-
Monthly: Who is hiring?
Come help us build great open source and commercial software for Kubernetes! You may know us from projects like Polaris and Goldilocks. We're building an inclusive, learning-driven, remote-first culture and are looking to grow our team.
falco
-
Cisco Acquires Splunk
https://github.com/falcosecurity/falco
Like snort, but looks at system calls.
-
Kubernetes security projects for entry grad roles in DevSecOps/Cloud security
From one noob to another - I had a lot of fun setting up Falco (https://falco.org) and creating custom policies & alerts.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Falco is a well-known open source security solution originally created by Sysdig. Itβs a CNCF incubating project and one of the few (as far as I can tell) options on this list that uses eBPF to scan for vulnerabilities.
-
K8s secret management
Use some kind of SIEM or Falco to alert you to threats (you can't stop them, but a human can always intervene)
-
How to Deploy and Scale Strapi on a Kubernetes Cluster 2/2
Falco, is a security project that can help you detect threats from within your cluster.
- Opensource IDS for Kubernetes??
-
Go based eBPF projects
https://falco.org/ is a security-focused monitoring and alerting with an eBPF option
- Is there a utility that can send shell command to all pods?
- eBPF β Running sandboxed programs in a privileged context such as OS kernel
-
My GoLab 2022 experience
On the cgo side I want to highlight two talks: one from Loris Cro about dealing with cross-complition difficulties, that the usage of cgo brings, using the Zig language and the other from Jason Dellaluce and Leonardo Grasso about how to extend Falco, a Kubernetes threat detection engine, which is written in C++, with plugins written in Go, explaining the challenges of integrating cgo in both C and Go.
What are some alternatives?
k9s - πΆ Kubernetes CLI To Manage Your Clusters In Style!
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
argo-cd - Declarative Continuous Deployment for Kubernetes
Kyverno - Kubernetes Native Policy Management
keda - KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.
kube-score - Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
gatekeeper - π Gatekeeper - Policy Controller for Kubernetes
popeye - π A Kubernetes cluster resource sanitizer
kubescape - Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
Flux - Successor: https://github.com/fluxcd/flux2
istio - Connect, secure, control, and observe services.