keda
falco
Our great sponsors
keda | falco | |
---|---|---|
90 | 42 | |
7,624 | 6,818 | |
2.3% | 2.7% | |
9.5 | 9.8 | |
7 days ago | 7 days ago | |
Go | C++ | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
keda
-
Tortoise: Shell-Shockingly-Good Kubernetes Autoscaling
Microsoft does a good job with KEDA, providing an open source autoscaling architecture that isn't tied to Azure.
https://keda.sh/ - project website
Most just utilize out of the box macro resources available in HPA.
For more advanced use cases there is keda - https://keda.sh/
-
Root Cause Chronicles: Quivering Queue
Thankfully KEDA operator was already part of the cluster, and all Robin had to do was create a ScaledObject manifest targeting the Dispatch ScaleUp event, based on the rabbitmq_global_messages_received_total metric from Prometheus.
-
Five tools to add to your K8s cluster
Keda
-
Best Kubernetes DevOps Tools: A Comprehensive Guide
KEDA introduces event-driven scaling to Kubernetes workloads. It integrates with Kubernetes Horizontal Pod Autoscalers and can scale pods based on external metrics from services like databases and message queues (Kafka, RabbitMQ, MongoDB).
-
Auto-scaling DynamoDB Streams applications on Kubernetes
This is where KEDA comes in.
# update version 2.8.2 if required kubectl apply -f https://github.com/kedacore/keda/releases/download/v2.8.2/keda-2.8.2.yaml
-
What is the difference in production for scale to zero usecases - Keda vs Lambda ?
This is traditionally a AWS Lambda usecase - or an OpenFaas kind of usecase. But very recently i discovered https://keda.sh/ and it seems it is specifically meant for this in a kubernetes environment.
-
Ingesting Data into OpenSearch using Apache Kafka and Go
If you deploy the application to Amazon EKS, you can also consider using KEDA to auto-scale your consumer application based on the number of messages in the MSK topic.
-
Is there a product that can orchestrate running jobs?
Maybe this https://keda.sh/
falco
-
Cisco Acquires Splunk
https://github.com/falcosecurity/falco
Like snort, but looks at system calls.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Falco is a well-known open source security solution originally created by Sysdig. Itβs a CNCF incubating project and one of the few (as far as I can tell) options on this list that uses eBPF to scan for vulnerabilities.
-
K8s secret management
Use some kind of SIEM or Falco to alert you to threats (you can't stop them, but a human can always intervene)
-
How to Deploy and Scale Strapi on a Kubernetes Cluster 2/2
Falco, is a security project that can help you detect threats from within your cluster.
-
Go based eBPF projects
https://falco.org/ is a security-focused monitoring and alerting with an eBPF option
- eBPF β Running sandboxed programs in a privileged context such as OS kernel
-
Implement DevSecOps to Secure your CI/CD pipeline
Falco is a cloud native Kubernetes threat detection tool. It can detect unexpected behavior, intrusions, and data theft in real time. In the backend, it uses Linux eBPF technology to trace your system and applications at runtime. For example, it can detect if someone tries to read a secret file inside a container, access a pod as a root user, etc, and trigger a webhook or send logs to the monitoring system. There are similar tools like Tetragon, KubeArmor, and Tracee which also provide Kubernetes runtime security.
-
Blackhat 2022 recap β Trends and highlights
Log everything but know the limits: the golden rule of security is to log everything, but in some cases we exceed the limits. Attackers use this to hide their actions and go unnoticed. At this point, we want to highlight another option. Try to detect at runtime or at the time when these logs occur to avoid the large amount of logs (only one window is sufficient if the initial compromise attack is detected). That is what Falco open source tries to do.
- Live Packet Capture to Grafana
-
Manage Falco easier with Giant Swarm App Platform
Falco is the de facto Kubernetes threat detection engine, and also extends its reach to cloud and Linux hosts. It monitors the behavior of every process in the node and can alert us when something fishy happens.
What are some alternatives?
k8s-prometheus-adapter - An implementation of the custom.metrics.k8s.io API using Prometheus
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
argo - Workflow Engine for Kubernetes
Kyverno - Kubernetes Native Policy Management
istio - Connect, secure, control, and observe services.
karpenter-provider-aws - Karpenter is a Kubernetes Node Autoscaler built for flexibility, performance, and simplicity.
OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.
gatekeeper - π Gatekeeper - Policy Controller for Kubernetes
kubescape - Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
helm - The Kubernetes Package Manager
grype - A vulnerability scanner for container images and filesystems