jspolicy VS cost-model

I struggled with understanding OPA too! I have not seen this mentioned, but one straightforward alternative is JSPolicy (https://www.jspolicy.com/), which allows you to write policies in Javascript or Typescript. It is really easy to understand and get started.

You will likely want to implement certain restrictions, limits, quotas, or security policies for your Kubernetes clusters. This could help with auditing or monitoring tasks, or with standardizing a quota for certain resources. Tools like the Open Policy Agent (OPA), jsPolicy, or Kyverno can be used based on your needs. Many developers are more comfortable with YAML or JavaScript, so Kyverno or jsPolicy might be preferred.

In 2021 we also released two new open source projects: vcluster, a tool for creating and using virtual Kubernetes clusters, and jsPolicy, a tool for writing policies for Kubernetes clusters in JavaScript or TypeScript. vcluster especially gained a lot of traction and our CEO Lukas Gentele gave a talk about it at KubeCon Los Angeles.

Either engine could be a good choice for your business. Consider which factors are most relevant to your project and your use case before you make a decision. You can learn more about jsPolicy here and about OPA here.

Loft Labs is the creator of several popular open-source projects in the cloud-native technology space, including the Kubernetes developer tool DevSpace, the certified Kubernetes distribution vcluster, and the policy engine jsPolicy. The company’s commercial product, Loft, enables any organization to scale self-service access to Kubernetes to hundreds or even thousands of engineers. Loft's customers span from fast-growing startups Gusto, Urbint, and HqO to well-established Fortune 500 companies that include one of the largest U.S. financial institutions and one of the world’s largest car manufacturers.

Loft Labs also recently released vcluster, a first-of-its-kind virtual cluster technology for Kubernetes. jsPolicy now available at www.jspolicy.com and on Github.

Would you mind explaining why is it hard for admission controllers to check container definitions of the pod? I've never used OPA or Kyverno, but I want to start contributing to a competitor project, so I am really curious to find out. Thank you! :)

This makes sense and I made the assumption that someone thought about the root-ability thing after I saw loft-sh/jspolicy.

Kubecost gives you insight into where your Kubernetes spend is going. You can view your spend per namespace, service, or even team, and you can set budgets and get real-time alerts. Kubecost can also track other cloud spend from things like RDS and S3, and it also works with on-prem k8s clusters. Kubecost also offers an open source version.

kubecost - analyse cost of the cluster https://kubecost.com/

> No inheritance - no more digging through the massive world-tree of objects to find the code that actually does things.

That's not 100% accurate; as a concrete example, tell me which files (to say nothing of the actual downstream types!) contain the implementations of this interface method: https://github.com/kubecost/cost-model/blob/v1.88.0/pkg/clou... (err, without using github's fancy new SourceGraph-lite integration, of course, that'd be cheating)

I find the sibling "No declared interfaces - they are defined at the point of use, not declared elsewhere" similarly suspicious, but suspect we'd having a nomenclature mismatch

Kubecost (Stackwatch) | Senior Support Engineer | Remote (US-East/Central preferred) | https://kubecost.com

Our tooling and intelligence empowers teams to efficiently operate Kubernetes at scale—helping them manage cost, performance, and reliability. We're avid contributors to the open source community.

We're looking to add a second Senior Support Engineer to help us build a scalable, user-first support process, troubleshoot complex infrastructure issues, and influence the direction of our product by tracking and communicating user needs. Be one of our first 20 teammates!

Feel free to apply or reach out to us directly with your CV at [email protected] if you're interested!

Check out all of our open roles here: https://angel.co/company/kubecost/jobs

Kubecost (Stackwatch) | Senior Support Engineer | Remote (US-East/Central preferred) | Full time | https://kubecost.com

Stackwatch is a tight-knit, fast-growing team on the leading edge of cloud infrastructure technology. Starting with our flagship product Kubecost, we build tooling and intelligence that empowers teams to efficiently operate Kubernetes at scale—helping them manage cost, performance, and reliability.

As our second Senior Support Engineer, you’ll help us build a scalable, customer-first support process, troubleshoot complex infrastructure issues for our users, and influence the direction of our product by tracking and communicating customer needs. We’re looking for someone who is as passionate about our product and customers as we are—as one of our first 20 employees, you’ll have the opportunity to shape the future of our support organization and technology.

Feel free to reach out to us directly with your CV at [email protected] if you're interested!

NB: also hiring for Senior Software Engineers and Go-to-market!

Lens is the most powerful IDE for those who need to deal with Kubernetes clusters on a daily basis. It allows you to manage your cluster and view important health metrics. A Kubecost and Lens integration allows you to also visualize Kubernetes costs directly in the Lens UI. With Lens and Kubecost you can view costs and spend efficiency by namespace, pod, deployment and more!

First you have to be aware of your costs :) This open source project can help https://kubecost.com, `helm install` and get started in 5 minutes

Happy to share some of the lessons we've learned if you want to reach out to team [at] kubecost.com. We worked on this problem at Google before launching Kubecost open source.